CVE-2021-3956
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
Se ha informado de una vulnerabilidad de elusión de autenticación de solo lectura en la versión del tercer trimestre de 2021 del firmware de Lenovo XClarity Controller (XCC) que afecta a los dispositivos XCC configurados en el modo de solo autenticación LDAP y que usan un servidor LDAP que admite €œunauthenticated bindâ€?, como Microsoft Active Directory. Un usuario no autenticado puede conseguir acceso de sólo lectura al XCC en dicha configuración, lo que permite visualizar la configuración del dispositivo XCC pero no modificarla. Los dispositivos XCC configurados para usar la autenticación local, el modo de autenticación + autorización LDAP o los servidores LDAP que sólo admiten la "vinculación autenticada" y/o la "vinculación anónima" no están afectados
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-12 CVE Reserved
- 2022-05-18 CVE Published
- 2023-10-29 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-72074 | 2022-06-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx1320 Search vendor "Lenovo" for product "Thinkagile Hx1320" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx1321 Search vendor "Lenovo" for product "Thinkagile Hx1321" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx1520-r Search vendor "Lenovo" for product "Thinkagile Hx1520-r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx1521-r Search vendor "Lenovo" for product "Thinkagile Hx1521-r" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx2320-e Search vendor "Lenovo" for product "Thinkagile Hx2320-e" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx2321 Search vendor "Lenovo" for product "Thinkagile Hx2321" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3320 Search vendor "Lenovo" for product "Thinkagile Hx3320" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3321 Search vendor "Lenovo" for product "Thinkagile Hx3321" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3375 Search vendor "Lenovo" for product "Thinkagile Hx3375" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3376 Search vendor "Lenovo" for product "Thinkagile Hx3376" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3520-g Search vendor "Lenovo" for product "Thinkagile Hx3520-g" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3521-g Search vendor "Lenovo" for product "Thinkagile Hx3521-g" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx5520 Search vendor "Lenovo" for product "Thinkagile Hx5520" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx5520-c Search vendor "Lenovo" for product "Thinkagile Hx5520-c" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx5521 Search vendor "Lenovo" for product "Thinkagile Hx5521" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx5521-c Search vendor "Lenovo" for product "Thinkagile Hx5521-c" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7520 Search vendor "Lenovo" for product "Thinkagile Hx7520" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7521 Search vendor "Lenovo" for product "Thinkagile Hx7521" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx2320 Search vendor "Lenovo" for product "Thinkagile Vx2320" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx3320 Search vendor "Lenovo" for product "Thinkagile Vx3320" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx3520-g Search vendor "Lenovo" for product "Thinkagile Vx3520-g" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx5520 Search vendor "Lenovo" for product "Thinkagile Vx5520" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7320 N Search vendor "Lenovo" for product "Thinkagile Vx7320 N" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7520 Search vendor "Lenovo" for product "Thinkagile Vx7520" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7520 N Search vendor "Lenovo" for product "Thinkagile Vx7520 N" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkstation P920 Search vendor "Lenovo" for product "Thinkstation P920" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr530 Search vendor "Lenovo" for product "Thinksystem Sr530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr550 Search vendor "Lenovo" for product "Thinksystem Sr550" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr570 Search vendor "Lenovo" for product "Thinksystem Sr570" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr590 Search vendor "Lenovo" for product "Thinksystem Sr590" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr630 Search vendor "Lenovo" for product "Thinksystem Sr630" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr645 Search vendor "Lenovo" for product "Thinksystem Sr645" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr650 Search vendor "Lenovo" for product "Thinksystem Sr650" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr665 Search vendor "Lenovo" for product "Thinksystem Sr665" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 7.22_cdi382o Search vendor "Lenovo" for product "Xclarity Controller" and version " < 7.22_cdi382o" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St550 Search vendor "Lenovo" for product "Thinksystem St550" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 2.32_psi342n Search vendor "Lenovo" for product "Xclarity Controller" and version " < 2.32_psi342n" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7820 Search vendor "Lenovo" for product "Thinkagile Hx7820" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 2.32_psi342n Search vendor "Lenovo" for product "Xclarity Controller" and version " < 2.32_psi342n" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7821 Search vendor "Lenovo" for product "Thinkagile Hx7821" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 2.32_psi342n Search vendor "Lenovo" for product "Xclarity Controller" and version " < 2.32_psi342n" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr950 Search vendor "Lenovo" for product "Thinksystem Sr950" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 3.41_tei382m Search vendor "Lenovo" for product "Xclarity Controller" and version " < 3.41_tei382m" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx1021 Search vendor "Lenovo" for product "Thinkagile Mx1021" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 3.41_tei382m Search vendor "Lenovo" for product "Xclarity Controller" and version " < 3.41_tei382m" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Se350 Search vendor "Lenovo" for product "Thinksystem Se350" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 4.83_tei3c0n Search vendor "Lenovo" for product "Xclarity Controller" and version " < 4.83_tei3c0n" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sd650 Search vendor "Lenovo" for product "Thinksystem Sd650" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 4.83_tei3c0n Search vendor "Lenovo" for product "Xclarity Controller" and version " < 4.83_tei3c0n" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sn550 Search vendor "Lenovo" for product "Thinksystem Sn550" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 4.83_tei3c0n Search vendor "Lenovo" for product "Xclarity Controller" and version " < 4.83_tei3c0n" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sn850 Search vendor "Lenovo" for product "Thinksystem Sn850" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 4.83_tei3c0n Search vendor "Lenovo" for product "Xclarity Controller" and version " < 4.83_tei3c0n" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr850 Search vendor "Lenovo" for product "Thinksystem Sr850" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 4.83_tei3c0n Search vendor "Lenovo" for product "Xclarity Controller" and version " < 4.83_tei3c0n" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr860 Search vendor "Lenovo" for product "Thinksystem Sr860" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 1.51_tgbt24l Search vendor "Lenovo" for product "Xclarity Controller" and version " < 1.51_tgbt24l" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr850 Search vendor "Lenovo" for product "Thinksystem Sr850" | 2.0 Search vendor "Lenovo" for product "Thinksystem Sr850" and version "2.0" | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Xclarity Controller Search vendor "Lenovo" for product "Xclarity Controller" | < 1.51_tgbt24l Search vendor "Lenovo" for product "Xclarity Controller" and version " < 1.51_tgbt24l" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr860 Search vendor "Lenovo" for product "Thinksystem Sr860" | 2.0 Search vendor "Lenovo" for product "Thinksystem Sr860" and version "2.0" | - |
Safe
|