Sign-up

ID

VAR-202205-1538


CVE

CVE-2021-42848


TITLE

plural  Lenovo  Vulnerability regarding lack of certification in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-019680

DESCRIPTION

An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. a1 firmware, t1 firmware, x1 firmware etc. Lenovo The product contains a vulnerability related to lack of certification.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-42848 // JVNDB: JVNDB-2021-019680 // VULMON: CVE-2021-42848

AFFECTED PRODUCTS

vendor:lenovomodel:t1scope:ltversion:5.3.6.t1

Trust: 1.0

vendor:lenovomodel:a1scope:ltversion:5.3.6.a1

Trust: 1.0

vendor:lenovomodel:t2scope:ltversion:5.3.8.t2

Trust: 1.0

vendor:lenovomodel:x1scope:ltversion:5.3.8.x1

Trust: 1.0

vendor:lenovomodel:t2proscope:ltversion:5.3.7.t2-pro

Trust: 1.0

vendor:lenovomodel:x1scope: - version: -

Trust: 0.8

vendor:lenovomodel:t2proscope: - version: -

Trust: 0.8

vendor:lenovomodel:a1scope: - version: -

Trust: 0.8

vendor:lenovomodel:t2scope: - version: -

Trust: 0.8

vendor:lenovomodel:t1scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019680 // NVD: CVE-2021-42848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42848
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2021-42848
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-42848
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202205-3707
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-42848
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-42848
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2021-42848
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-42848
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-019680 // CNNVD: CNNVD-202205-3707 // NVD: CVE-2021-42848 // NVD: CVE-2021-42848

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:Lack of authentication (CWE-862) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019680 // NVD: CVE-2021-42848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3707

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3707

PATCH

title:Lenovo Personal Cloud Storage Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194594

Trust: 0.6

sources: CNNVD: CNNVD-202205-3707

EXTERNAL IDS

db:NVDid:CVE-2021-42848

Trust: 3.3

db:JVNDBid:JVNDB-2021-019680

Trust: 0.8

db:CNNVDid:CNNVD-202205-3707

Trust: 0.6

db:VULMONid:CVE-2021-42848

Trust: 0.1

sources: VULMON: CVE-2021-42848 // JVNDB: JVNDB-2021-019680 // CNNVD: CNNVD-202205-3707 // NVD: CVE-2021-42848

REFERENCES

url:https://iknow.lenovo.com.cn/detail/dc_200017.html

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-42848

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-42848/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-42848 // JVNDB: JVNDB-2021-019680 // CNNVD: CNNVD-202205-3707 // NVD: CVE-2021-42848

SOURCES

db:VULMONid:CVE-2021-42848
db:JVNDBid:JVNDB-2021-019680
db:CNNVDid:CNNVD-202205-3707
db:NVDid:CVE-2021-42848

LAST UPDATE DATE

2024-11-23T22:47:22.211000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-42848date:2022-05-18T00:00:00
db:JVNDBid:JVNDB-2021-019680date:2023-08-10T08:27:00
db:CNNVDid:CNNVD-202205-3707date:2022-06-02T00:00:00
db:NVDid:CVE-2021-42848date:2024-11-21T06:28:13.160

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-42848date:2022-05-18T00:00:00
db:JVNDBid:JVNDB-2021-019680date:2023-08-10T00:00:00
db:CNNVDid:CNNVD-202205-3707date:2022-05-18T00:00:00
db:NVDid:CVE-2021-42848date:2022-05-18T16:15:08.187