Sign-up

ID

VAR-202205-1502


CVE

CVE-2021-42850


TITLE

Lenovo Personal Cloud Storage Trust Management Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202205-3705

DESCRIPTION

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access

Trust: 0.99

sources: NVD: CVE-2021-42850 // VULMON: CVE-2021-42850

AFFECTED PRODUCTS

vendor:lenovomodel:t1scope:ltversion:5.3.6.t1

Trust: 1.0

vendor:lenovomodel:a1scope:ltversion:5.3.6.a1

Trust: 1.0

vendor:lenovomodel:t2scope:ltversion:5.3.8.t2

Trust: 1.0

vendor:lenovomodel:x1scope:ltversion:5.3.8.x1

Trust: 1.0

vendor:lenovomodel:t2proscope:ltversion:5.3.7.t2-pro

Trust: 1.0

sources: NVD: CVE-2021-42850

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42850
value: HIGH

Trust: 1.0

psirt@lenovo.com: CVE-2021-42850
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202205-3705
value: HIGH

Trust: 0.6

VULMON: CVE-2021-42850
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-42850
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2021-42850
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2021-42850
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2021-42850 // CNNVD: CNNVD-202205-3705 // NVD: CVE-2021-42850 // NVD: CVE-2021-42850

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

sources: NVD: CVE-2021-42850

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3705

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-3705

PATCH

title:Lenovo Personal Cloud Storage Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194337

Trust: 0.6

sources: CNNVD: CNNVD-202205-3705

EXTERNAL IDS

db:NVDid:CVE-2021-42850

Trust: 1.7

db:CNNVDid:CNNVD-202205-3705

Trust: 0.6

db:VULMONid:CVE-2021-42850

Trust: 0.1

sources: VULMON: CVE-2021-42850 // CNNVD: CNNVD-202205-3705 // NVD: CVE-2021-42850

REFERENCES

url:https://iknow.lenovo.com.cn/detail/dc_200017.html

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2021-42850/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-42850 // CNNVD: CNNVD-202205-3705 // NVD: CVE-2021-42850

SOURCES

db:VULMONid:CVE-2021-42850
db:CNNVDid:CNNVD-202205-3705
db:NVDid:CVE-2021-42850

LAST UPDATE DATE

2024-11-23T21:32:26.704000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-42850date:2022-05-26T00:00:00
db:CNNVDid:CNNVD-202205-3705date:2022-05-30T00:00:00
db:NVDid:CVE-2021-42850date:2024-11-21T06:28:13.423

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-42850date:2022-05-18T00:00:00
db:CNNVDid:CNNVD-202205-3705date:2022-05-18T00:00:00
db:NVDid:CVE-2021-42850date:2022-05-18T16:15:08.303