HIGH🇵🇱 Wersja polska

CVE-2023-2992

CVSS 7.5v3.1pub. 2023-06-26upd. 2024-11-21

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Lenovo Nextscale N1200 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Nextscale N1200 Enclosure Firmware

    OS
    Lenovo
    < fhet60b-3.40
  • Lenovo Thinkagile Cp Cb 10

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Cp Cb 10e

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Cp Cb 10e Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinkagile Cp Cb 10 Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinkagile Hx Enclosure Certified Node

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx Enclosure Certified Node Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinkagile Vx Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx Enclosure Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinksystem D2 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem D2 Enclosure Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinksystem Da240 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem Da240 Enclosure Firmware

    OS
    Lenovo
    < umsm10s-1.07
  • Lenovo Thinksystem Dw612 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem Dw612 Enclosure Firmware

    OS
    Lenovo
    < umsm10s-1.07
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2021-3849CRITICAL9.8ten sam produkt

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2...

CVE-2021-3897CRITICAL9.8ten sam produkt

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controlle...

CVE-2024-2659HIGH7.2ten sam produkt

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...

CVE-2022-34884HIGH7.2ten sam produkt

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...

CVE-2023-2993MEDIUM5.4ten sam produkt

A valid, authenticated user with limited privileges may be able to use specifically crafted web management ser...