Vulnerability Description
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | NeXtScale N1200 Enclosure Firmware | < fhet50b-2.90 |
| Lenovo | NeXtScale N1200 Enclosure | - |
| Lenovo | ThinkAgile HX Enclosure Certified Node Firmware | < tesm28b-1.21 |
| Lenovo | ThinkAgile HX Enclosure Certified Node | - |
| Lenovo | ThinkAgile VX Enclosure Firmware | < tesm28b-1.21 |
| Lenovo | ThinkAgile VX Enclosure | - |
| Lenovo | ThinkSystem D2 Enclosure Firmware | < tesm28b-1.21 |
| Lenovo | ThinkSystem D2 Enclosure | - |
| IBM | NeXtScale Fan Power Controller Firmware | < 44a-3.70 |
| IBM | NeXtScale Fan Power Controller | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-72615 (Vendor Advisory)
FAQ
What is CVE-2021-3897?
CVE-2021-3897 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an...
How severe is CVE-2021-3897?
CVE-2021-3897 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-3897?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo NeXtScale N1200 Enclosure Firmware, Lenovo NeXtScale N1200 Enclosure, Lenovo ThinkAgile HX Enclosure Certified Node Firmware, Lenovo ThinkAgile HX Enclosure Certified Node, Lenovo ThinkAgile VX Enclosure Firmware.