Authentication Bypass in Lenovo Fan Power Controller and System Management Module
CVE-2021-3849
9.8CRITICAL
Key Information:
- Vendor
Lenovo
- Vendor
- CVE Published:
- 22 April 2022
What is CVE-2021-3849?
An authentication bypass vulnerability has been identified in the web interface of the Lenovo Fan Power Controller 2 (FPC2) and Lenovo System Management Module (SMM) firmware. This flaw potentially allows an unauthenticated attacker to execute arbitrary commands on these systems, leading to unauthorized access and control. Notably, the SMM2 version remains unaffected.
Affected Version(s)
Fan Power Controller2 (FPC2) various
Lenovo System Management Module (SMM) various