Vulnerabilities > Lenovo > Thinkagile HX Enclosure Certified Node Firmware > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-26	CVE-2023-2993	Improper Preservation of Permissions vulnerability in Lenovo products A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. network low complexity lenovo CWE-281	6.3
2023-01-30	CVE-2022-34884	Out-of-bounds Write vulnerability in Lenovo products A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. network low complexity lenovo CWE-787	6.5
2023-01-30	CVE-2022-34888	Incorrect Comparison vulnerability in Lenovo products The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. network low complexity lenovo CWE-697	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.