CVE-2021-3849
Summary
| CVE | CVE-2021-3849 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-22 21:15:00 UTC |
| Updated | 2022-10-27 11:55:00 UTC |
| Description | An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ibm | Nextscale Fan Power Controller | - | All | All | All |
| Operating System | Ibm | Nextscale Fan Power Controller Firmware | All | All | All | All |
| Hardware | Lenovo | Nextscale N1200 Enclosure | - | All | All | All |
| Operating System | Lenovo | Nextscale N1200 Enclosure Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkagile Hx Enclosure Certified Node | - | All | All | All |
| Operating System | Lenovo | Thinkagile Hx Enclosure Certified Node Firmware | All | All | All | All |
| Hardware | Lenovo | Thinkagile Vx Enclosure | - | All | All | All |
| Operating System | Lenovo | Thinkagile Vx Enclosure Firmware | All | All | All | All |
| Hardware | Lenovo | Thinksystem D2 Enclosure | - | All | All | All |
| Operating System | Lenovo | Thinksystem D2 Enclosure Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Authentication Bypass Vulnerabilities in FPC2 and SMM Firmware - Lenovo Support US | CONFIRM | support.lenovo.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.