cve-2021-3956
Vulnerability from cvelistv5
Published
2022-05-18 16:10
Modified
2024-08-03 17:09
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
References
psirt@lenovo.comhttps://support.lenovo.com/us/en/product_security/LEN-72074Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/us/en/product_security/LEN-72074Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "XClarity Controller (XCC)",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "various Third Quarter 2021 releases"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u201cunauthenticated bind\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u201cauthenticated bind\u201d and/or \u201canonymous bind\u201d are not affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-18T16:10:24",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section of LEN-72074."
        }
      ],
      "source": {
        "advisory": "LEN-72074",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2021-3956",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "XClarity Controller (XCC)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "various Third Quarter 2021 releases"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u201cunauthenticated bind\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u201cauthenticated bind\u201d and/or \u201canonymous bind\u201d are not affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863 Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-72074",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-72074"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section of LEN-72074."
          }
        ],
        "source": {
          "advisory": "LEN-72074",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2021-3956",
    "datePublished": "2022-05-18T16:10:24",
    "dateReserved": "2021-11-12T00:00:00",
    "dateUpdated": "2024-08-03T17:09:09.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.22_cdi382o\", \"matchCriteriaId\": \"1749A9CB-1719-4CC8-8476-D06D99BB2A2F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx1320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E72B2526-8BD9-49FD-BDCF-B654BCEAC8AE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx1321:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADFD8C5A-D9E0-4EFF-92A3-17A6DBE7D155\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx1520-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"648DD614-F500-4FFB-8FD4-D2B284FE5E55\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx1521-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D33A804F-C94C-4A6C-AA84-957834680652\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx2320-e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DECFCE59-8456-47A3-8A8E-989813E37674\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx2321:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5E515C4-D2F2-4A71-9A9C-70A80477352A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx3320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03D3EBE9-34C1-45CA-A800-B313110409DC\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx3321:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86E6A2F7-7EC0-46E1-A973-2172B076E883\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8126219-A07C-42A6-9553-B6AE499DB6BF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx3376:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57D7A545-BE29-4F0B-AC77-8E6DE955CA5B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx3520-g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9D354C3-0183-42D9-97D0-C9888B023195\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx3521-g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E0DDCC8-46B7-43FA-8A4A-BCE8AB7F8480\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx5520:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A9FDCC0-F45C-4AA1-BB11-0761A25BF16B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx5520-c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB95DEC-D622-4AD7-AC69-077A94BD752C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx5521:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"924C1B4B-6E97-4942-8000-BB59860913EE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx5521-c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5788FFBD-69B4-4FB6-A2D2-4C6BA6CCE769\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx7520:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16776C5F-CCAF-4F22-B570-FE49A0B73FF7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx7521:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F350D6FE-7BE1-46C9-B1A6-4EE0AF8BCB55\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_vx2320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF7500A0-B95E-4E16-B532-28C139C94AF3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_vx3320:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A8B3E93-970D-4B49-B5A6-6BFAC45BAAC4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_vx3520-g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72422C47-0027-4B4E-9C82-78FE8A8A6D75\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_vx5520:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"704A1043-7626-412C-8666-9088B3AA1147\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_vx7320_n:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"435794D6-7773-4D93-96E2-7269EB863A04\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_vx7520:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E25483F5-F222-42AF-ACA4-580CD2965C55\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_vx7520_n:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C923CF1-EB97-431F-9D85-0CB5C921A040\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D47FCAA7-B33F-4F00-85BA-AA8ED4790572\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4C6628A-8A99-4841-A7C5-0445A03C638D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D10850BF-A7EA-4B84-B2EF-66DCCC301514\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3DC615C-A88A-4C45-892F-77C5E84104E8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr645:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE27586B-1CC9-42A3-B763-93972E204A6D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr665:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AE69184-CA94-4A27-AFF2-3B1B81D25CBA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5B19107-5B45-4E45-8B34-90B5A1FF3962\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.32_psi342n\", \"matchCriteriaId\": \"6975F7A6-DBC8-42D4-B067-E397FD978F3E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx7820:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA2540A2-1462-42F7-949C-9881544DE684\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_hx7821:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E153D62-9443-4F52-BA47-5C2704E05BC9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr950:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6B0407D-D603-48AE-9A42-F4C68056E19D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.41_tei382m\", \"matchCriteriaId\": \"2D3658E6-8820-45E5-8357-7A9EB564553A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkagile_mx1021:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C24F4237-BD63-4A87-B44A-970871642E27\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_se350:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD4B877C-8D19-4AD2-948D-ADBD9B1BEEED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.83_tei3c0n\", \"matchCriteriaId\": \"97D0E172-D188-4293-BD6D-94128304F07E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sd650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A1FF5D0-CC08-42B0-9798-55ED911B3EF6\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DB64709-93BA-43D8-A1DB-4CE405291430\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DB0C393-2CB4-485F-93E2-2F28B19F9325\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19771143-D5F1-4F2F-AB83-09913894681E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAF08144-ECCB-477B-A934-E4578522BFEE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.51_tgbt24l\", \"matchCriteriaId\": \"E6F17BC4-421A-453D-B933-97AA7BBED79E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr850:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95893E4E-6850-4C53-A5D6-12C3B9BB0E92\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinksystem_sr860:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1F9CC8A-CCFA-4499-A2C8-6251EF43968D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \\u201cunauthenticated bind\\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \\u201cauthenticated bind\\u201d and/or \\u201canonymous bind\\u201d are not affected.\"}, {\"lang\": \"es\", \"value\": \"Se ha informado de una vulnerabilidad de elusi\\u00f3n de autenticaci\\u00f3n de solo lectura en la versi\\u00f3n del tercer trimestre de 2021 del firmware de Lenovo XClarity Controller (XCC) que afecta a los dispositivos XCC configurados en el modo de solo autenticaci\\u00f3n LDAP y que usan un servidor LDAP que admite \\u20ac\\u0153unauthenticated bind\\u00e2\\u20ac?, como Microsoft Active Directory. Un usuario no autenticado puede conseguir acceso de s\\u00f3lo lectura al XCC en dicha configuraci\\u00f3n, lo que permite visualizar la configuraci\\u00f3n del dispositivo XCC pero no modificarla. Los dispositivos XCC configurados para usar la autenticaci\\u00f3n local, el modo de autenticaci\\u00f3n + autorizaci\\u00f3n LDAP o los servidores LDAP que s\\u00f3lo admiten la \\\"vinculaci\\u00f3n autenticada\\\" y/o la \\\"vinculaci\\u00f3n an\\u00f3nima\\\" no est\\u00e1n afectados\"}]",
      "id": "CVE-2021-3956",
      "lastModified": "2024-11-21T06:23:13.527",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@lenovo.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-05-18T16:15:08.063",
      "references": "[{\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-72074\", \"source\": \"psirt@lenovo.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-72074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@lenovo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@lenovo.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-3956\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2022-05-18T16:15:08.063\",\"lastModified\":\"2024-11-21T06:23:13.527\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports \u201cunauthenticated bind\u201d, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only \u201cauthenticated bind\u201d and/or \u201canonymous bind\u201d are not affected.\"},{\"lang\":\"es\",\"value\":\"Se ha informado de una vulnerabilidad de elusi\u00f3n de autenticaci\u00f3n de solo lectura en la versi\u00f3n del tercer trimestre de 2021 del firmware de Lenovo XClarity Controller (XCC) que afecta a los dispositivos XCC configurados en el modo de solo autenticaci\u00f3n LDAP y que usan un servidor LDAP que admite \u20ac\u0153unauthenticated bind\u00e2\u20ac?, como Microsoft Active Directory. Un usuario no autenticado puede conseguir acceso de s\u00f3lo lectura al XCC en dicha configuraci\u00f3n, lo que permite visualizar la configuraci\u00f3n del dispositivo XCC pero no modificarla. Los dispositivos XCC configurados para usar la autenticaci\u00f3n local, el modo de autenticaci\u00f3n + autorizaci\u00f3n LDAP o los servidores LDAP que s\u00f3lo admiten la \\\"vinculaci\u00f3n autenticada\\\" y/o la \\\"vinculaci\u00f3n an\u00f3nima\\\" no est\u00e1n afectados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@lenovo.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@lenovo.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.22_cdi382o\",\"matchCriteriaId\":\"1749A9CB-1719-4CC8-8476-D06D99BB2A2F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx1320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E72B2526-8BD9-49FD-BDCF-B654BCEAC8AE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx1321:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADFD8C5A-D9E0-4EFF-92A3-17A6DBE7D155\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx1520-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"648DD614-F500-4FFB-8FD4-D2B284FE5E55\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx1521-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D33A804F-C94C-4A6C-AA84-957834680652\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx2320-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DECFCE59-8456-47A3-8A8E-989813E37674\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx2321:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5E515C4-D2F2-4A71-9A9C-70A80477352A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx3320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D3EBE9-34C1-45CA-A800-B313110409DC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx3321:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86E6A2F7-7EC0-46E1-A973-2172B076E883\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8126219-A07C-42A6-9553-B6AE499DB6BF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx3376:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57D7A545-BE29-4F0B-AC77-8E6DE955CA5B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx3520-g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9D354C3-0183-42D9-97D0-C9888B023195\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx3521-g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E0DDCC8-46B7-43FA-8A4A-BCE8AB7F8480\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx5520:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A9FDCC0-F45C-4AA1-BB11-0761A25BF16B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx5520-c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB95DEC-D622-4AD7-AC69-077A94BD752C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx5521:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"924C1B4B-6E97-4942-8000-BB59860913EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx5521-c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5788FFBD-69B4-4FB6-A2D2-4C6BA6CCE769\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx7520:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16776C5F-CCAF-4F22-B570-FE49A0B73FF7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx7521:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F350D6FE-7BE1-46C9-B1A6-4EE0AF8BCB55\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_vx2320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF7500A0-B95E-4E16-B532-28C139C94AF3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_vx3320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A8B3E93-970D-4B49-B5A6-6BFAC45BAAC4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_vx3520-g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72422C47-0027-4B4E-9C82-78FE8A8A6D75\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_vx5520:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"704A1043-7626-412C-8666-9088B3AA1147\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_vx7320_n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"435794D6-7773-4D93-96E2-7269EB863A04\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_vx7520:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E25483F5-F222-42AF-ACA4-580CD2965C55\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_vx7520_n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C923CF1-EB97-431F-9D85-0CB5C921A040\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkstation_p920:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47FCAA7-B33F-4F00-85BA-AA8ED4790572\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr530:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4C6628A-8A99-4841-A7C5-0445A03C638D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D10850BF-A7EA-4B84-B2EF-66DCCC301514\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr570:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A7C5BE3-5429-46B0-B0B5-C86A9B6376A7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr590:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3DC615C-A88A-4C45-892F-77C5E84104E8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7F10C8D-C9C7-4FAD-980D-7A602C8BE81D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr645:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE27586B-1CC9-42A3-B763-93972E204A6D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6C2B5BB-6E1F-4E01-AAE8-A8239AB8945E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr665:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AE69184-CA94-4A27-AFF2-3B1B81D25CBA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_st550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5B19107-5B45-4E45-8B34-90B5A1FF3962\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.32_psi342n\",\"matchCriteriaId\":\"6975F7A6-DBC8-42D4-B067-E397FD978F3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx7820:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA2540A2-1462-42F7-949C-9881544DE684\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_hx7821:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E153D62-9443-4F52-BA47-5C2704E05BC9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr950:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6B0407D-D603-48AE-9A42-F4C68056E19D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.41_tei382m\",\"matchCriteriaId\":\"2D3658E6-8820-45E5-8357-7A9EB564553A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkagile_mx1021:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C24F4237-BD63-4A87-B44A-970871642E27\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_se350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD4B877C-8D19-4AD2-948D-ADBD9B1BEEED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.83_tei3c0n\",\"matchCriteriaId\":\"97D0E172-D188-4293-BD6D-94128304F07E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sd650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A1FF5D0-CC08-42B0-9798-55ED911B3EF6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sn550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DB64709-93BA-43D8-A1DB-4CE405291430\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sn850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DB0C393-2CB4-485F-93E2-2F28B19F9325\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19771143-D5F1-4F2F-AB83-09913894681E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr860:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF08144-ECCB-477B-A934-E4578522BFEE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lenovo:xclarity_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.51_tgbt24l\",\"matchCriteriaId\":\"E6F17BC4-421A-453D-B933-97AA7BBED79E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr850:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95893E4E-6850-4C53-A5D6-12C3B9BB0E92\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinksystem_sr860:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1F9CC8A-CCFA-4499-A2C8-6251EF43968D\"}]}]}],\"references\":[{\"url\":\"https://support.lenovo.com/us/en/product_security/LEN-72074\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.lenovo.com/us/en/product_security/LEN-72074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.