Vulnerability Description
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
CVSS Score
6.3
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | A1 Firmware | < 5.3.6.a1 |
| Lenovo | A1 | - |
| Lenovo | T1 Firmware | < 5.3.6.t1 |
| Lenovo | T1 | - |
| Lenovo | X1 Firmware | < 5.3.8.x1 |
| Lenovo | X1 | - |
| Lenovo | T2 Firmware | < 5.3.8.t2 |
| Lenovo | T2 | - |
| Lenovo | T2Pro Firmware | < 5.3.7.t2-pro |
| Lenovo | T2Pro | - |
Related Weaknesses (CWE)
References
- https://iknow.lenovo.com.cn/detail/dc_200017.htmlVendor Advisory
- https://iknow.lenovo.com.cn/detail/dc_200017.htmlVendor Advisory
FAQ
What is CVE-2021-42851?
CVE-2021-42851 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
How severe is CVE-2021-42851?
CVE-2021-42851 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42851?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo A1 Firmware, Lenovo A1, Lenovo T1 Firmware, Lenovo T1, Lenovo X1 Firmware.