Vulnerabilities > CVE-2021-3897

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

lenovo

ibm

critical

NVD

Published: 2022-04-22

Updated: 2022-08-09

Summary

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Nextscale N1200 Enclosure Firmware - Lenovo Thinkagile HX Enclosure Certified Node Firmware - Lenovo Thinkagile VX Enclosure Firmware - Lenovo Thinksystem D2 Enclosure Firmware -	4
OS	Ibm IBM Nextscale FAN Power Controller Firmware -	1
Hardware	Lenovo Lenovo Nextscale N1200 Enclosure - Lenovo Thinkagile HX Enclosure Certified Node - Lenovo Thinkagile VX Enclosure - Lenovo Thinksystem D2 Enclosure -	4
Hardware	Ibm IBM Nextscale FAN Power Controller -	1

References

https://support.lenovo.com/us/en/product_security/LEN-72615

Vulnerabilities > CVE-2021-3897 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-3897"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-3897