Authentication flaw

2022-04-2221:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

CPENameOperatorVersion
nextscale_fan_power_controller_firmwareeq< 44a-3.70
nextscale_n1200_enclosure_firmwareeq< fhet50b-2.90
thinkagile_hx_enclosure_certified_node_firmwareeq< tesm28b-1.21
thinkagile_vx_enclosure_firmwareeq< tesm28b-1.21
thinksystem_d2_enclosure_firmwareeq< tesm28b-1.21

Name	Operator	Version
nextscale_fan_power_controller_firmware	eq	< 44a-3.70
nextscale_n1200_enclosure_firmware	eq	< fhet50b-2.90
thinkagile_hx_enclosure_certified_node_firmware	eq	< tesm28b-1.21
thinkagile_vx_enclosure_firmware	eq	< tesm28b-1.21
thinksystem_d2_enclosure_firmware	eq	< tesm28b-1.21

References

support.lenovo.com/us/en/product_security/LEN-72615