Authentication Bypass in Lenovo Fan Power Controller and System Management Module Firmware
CVE-2021-3897
9.8CRITICAL
Key Information:
- Vendor
Lenovo
- Vendor
- CVE Published:
- 22 April 2022
What is CVE-2021-3897?
An authentication bypass vulnerability has been identified in the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware. This flaw allows unauthenticated attackers to execute arbitrary commands on the affected devices, potentially compromising the system's integrity and security. It is critical for users of these products to apply necessary updates to mitigate risks associated with this vulnerability.
Affected Version(s)
Fan Power Controller2 (FPC2) various
Lenovo System Management Module (SMM) various