An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Nextscale Fan Power Controller
HWIbmwszystkie wersjeIBM Nextscale Fan Power Controller Firmware
OSIbm< 44a-3.70Lenovo Nextscale N1200 Enclosure
HWLenovowszystkie wersjeLenovo Nextscale N1200 Enclosure Firmware
OSLenovo< fhet50b-2.90Lenovo Thinkagile Hx Enclosure Certified Node
HWLenovowszystkie wersjeLenovo Thinkagile Hx Enclosure Certified Node Firmware
OSLenovo< tesm28b-1.21Lenovo Thinkagile Vx Enclosure
HWLenovowszystkie wersjeLenovo Thinkagile Vx Enclosure Firmware
OSLenovo< tesm28b-1.21Lenovo Thinksystem D2 Enclosure
HWLenovowszystkie wersjeLenovo Thinksystem D2 Enclosure Firmware
OSLenovo< tesm28b-1.21
Powiązane podatności
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2...
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web serve...
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...
A valid, authenticated user with limited privileges may be able to use specifically crafted web management ser...