Vulnerabilities > CVE-2023-2992 - Unspecified vulnerability in Lenovo products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

lenovo

NVD

Published: 2023-06-26

Updated: 2023-07-05

Summary

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

Vulnerable Configurations

Part	Description	Count
OS	Lenovo Lenovo Nextscale N1200 Enclosure Firmware - Lenovo Nextscale N1200 Enclosure Firmware Fhet50B-2.90 Lenovo Thinkagile CP CB 10 Firmware * Lenovo Thinkagile CP CB 10E Firmware * Lenovo Thinkagile HX Enclosure Certified Node Firmware - Lenovo Thinkagile HX Enclosure Certified Node Firmware Tesm28B-1.21 Lenovo Thinkagile VX Enclosure Firmware - Lenovo Thinkagile VX Enclosure Firmware Tesm28B-1.21 Lenovo Thinksystem D2 Enclosure Firmware - Lenovo Thinksystem D2 Enclosure Firmware Tesm28B-1.21 Lenovo Thinksystem Da240 Enclosure Firmware * Lenovo Thinksystem Dw612 Enclosure Firmware *	12
Hardware	Lenovo Lenovo Nextscale N1200 Enclosure - Lenovo Thinkagile CP CB 10 - Lenovo Thinkagile CP CB 10E - Lenovo Thinkagile HX Enclosure Certified Node - Lenovo Thinkagile VX Enclosure - Lenovo Thinksystem D2 Enclosure - Lenovo Thinksystem Da240 Enclosure - Lenovo Thinksystem Dw612 Enclosure -	8

References

https://support.lenovo.com/us/en/product_security/LEN-127357