CVE-2021-3897
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
Affected (5)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before fhet50b-2.90 |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Nextscale N1200 Enclosure | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before tesm28b-1.21 |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Thinkagile Hx Enclosure Certified Node | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before tesm28b-1.21 |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Thinkagile Vx Enclosure | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before tesm28b-1.21 |

| Running on/with | Platform Versions |
|---|---|
| Lenovo Thinksystem D2 Enclosure | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 44a-3.70 |

| Running on/with | Platform Versions |
|---|---|
| IBM Nextscale Fan Power Controller | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory