Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3473

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.

Published

2021-04-13T21:15:25.410

Last Modified

2024-11-21T06:21:37.620

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-319
  • Type: Primary
    CWE-312
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application lenovo xclarity_controller 6.00_cdi370q Yes
Hardware lenovo thinkagile_hx1320 - No
Hardware lenovo thinkagile_hx2320 - No
Hardware lenovo thinkagile_hx3320 - No
Hardware lenovo thinkagile_hx3375 - No
Hardware lenovo thinkagile_hx3520-g - No
Hardware lenovo thinkagile_hx3720 - No
Hardware lenovo thinkagile_hx5520 - No
Hardware lenovo thinkagile_hx7520 - No
Hardware lenovo thinkagile_hx7820 - No
Hardware lenovo thinkagile_mx_certified_nodes - No
Hardware lenovo thinkagile_vx_1u - No
Hardware lenovo thinkagile_vx_2u - No
Hardware lenovo thinkagile_vx_dense - No
Hardware lenovo thinksystem_sr530 - No
Hardware lenovo thinksystem_sr570 - No
Hardware lenovo thinksystem_sr590 - No
Hardware lenovo thinksystem_sr630 - No
Hardware lenovo thinksystem_sr650 - No
Hardware lenovo thinksystem_st550 - No
Hardware lenovo thinksystem_st558 - No
Application lenovo xclarity_controller 1.10_tgbt12q Yes
Hardware lenovo thinkagile_hx1320 - No
Hardware lenovo thinkagile_hx2320 - No
Hardware lenovo thinkagile_hx3320 - No
Hardware lenovo thinkagile_hx3375 - No
Hardware lenovo thinkagile_hx3520-g - No
Hardware lenovo thinkagile_hx3720 - No
Hardware lenovo thinkagile_hx5520 - No
Hardware lenovo thinkagile_hx7520 - No
Hardware lenovo thinkagile_hx7820 - No
Hardware lenovo thinkagile_mx_certified_nodes - No
Hardware lenovo thinkagile_mx1020 - No
Hardware lenovo thinkagile_vx_1u - No
Hardware lenovo thinkagile_vx_2u - No
Hardware lenovo thinkagile_vx_dense - No
Hardware lenovo thinksystem_se350 - No
Hardware lenovo thinksystem_sr670 - No
Hardware lenovo thinksystem_sr850p - No
Application lenovo xclarity_controller 2.14_psi338i Yes
Hardware lenovo thinksystem_sr950 - No
Application lenovo xclarity_controller 4.40_tei3b2p Yes
Hardware lenovo thinkagile_hx1320 - No
Hardware lenovo thinkagile_hx2320 - No
Hardware lenovo thinkagile_hx3320 - No
Hardware lenovo thinkagile_hx3375 - No
Hardware lenovo thinkagile_hx3520-g - No
Hardware lenovo thinkagile_hx3720 - No
Hardware lenovo thinkagile_hx5520 - No
Hardware lenovo thinkagile_hx7520 - No
Hardware lenovo thinkagile_hx7820 - No
Hardware lenovo thinkagile_vx_1u - No
Hardware lenovo thinkagile_vx_2u - No
Hardware lenovo thinkagile_vx_dense - No
Hardware lenovo thinksystem_sd530 - No
Hardware lenovo thinksystem_sd650 - No
Hardware lenovo thinksystem_sn550 - No
Hardware lenovo thinksystem_sn850 - No
Hardware lenovo thinksystem_sr150 - No
Hardware lenovo thinksystem_sr158 - No
Hardware lenovo thinksystem_sr250 - No
Hardware lenovo thinksystem_sr258 - No
Hardware lenovo thinksystem_sr850 - No
Hardware lenovo thinksystem_sr860 - No
Hardware lenovo thinksystem_st250 - No
Hardware lenovo thinksystem_st258 - No
References