Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2992

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

Published

2023-06-26T20:15:09.933

Last Modified

2024-11-21T07:59:42.850

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-405
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	nextscale_n1200_enclosure_firmware	< fhet60b-3.40	Yes
Hardware	lenovo	nextscale_n1200_enclosure	-	No
Operating System	lenovo	thinkagile_cp-cb-10_firmware	< tesm38c-1.26	Yes
Hardware	lenovo	thinkagile_cp-cb-10	-	No
Operating System	lenovo	thinkagile_cp-cb-10e_firmware	< tesm38c-1.26	Yes
Hardware	lenovo	thinkagile_cp-cb-10e	-	No
Operating System	lenovo	thinkagile_hx_enclosure_certified_node_firmware	< tesm38c-1.26	Yes
Hardware	lenovo	thinkagile_hx_enclosure_certified_node	-	No
Operating System	lenovo	thinkagile_vx_enclosure_firmware	< tesm38c-1.26	Yes
Hardware	lenovo	thinkagile_vx_enclosure	-	No
Operating System	lenovo	thinksystem_d2_enclosure_firmware	< tesm38c-1.26	Yes
Hardware	lenovo	thinksystem_d2_enclosure	-	No
Operating System	lenovo	thinksystem_da240_enclosure_firmware	< umsm10s-1.07	Yes
Hardware	lenovo	thinksystem_da240_enclosure	-	No
Operating System	lenovo	thinksystem_dw612_enclosure_firmware	< umsm10s-1.07	Yes
Hardware	lenovo	thinksystem_dw612_enclosure	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-127357 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-127357 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)