Vulnerability Monitor

CVE-2023-2993


A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.


Published

2023-06-26T20:15:10.000

Last Modified

2024-11-21T07:59:42.997

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-281
  • Type: Primary
    CWE-281

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | lenovo | nextscale_n1200_enclosure_firmware | < fhet60b-3.40 | Yes |
| Hardware | lenovo | nextscale_n1200_enclosure | - | No |
| Operating System | lenovo | thinkagile_cp-cb-10_firmware | < tesm38c-1.26 | Yes |
| Hardware | lenovo | thinkagile_cp-cb-10 | - | No |
| Operating System | lenovo | thinkagile_cp-cb-10e_firmware | < tesm38c-1.26 | Yes |
| Hardware | lenovo | thinkagile_cp-cb-10e | - | No |
| Operating System | lenovo | thinkagile_hx_enclosure_certified_node_firmware | < tesm38c-1.26 | Yes |
| Hardware | lenovo | thinkagile_hx_enclosure_certified_node | - | No |
| Operating System | lenovo | thinkagile_vx_enclosure_firmware | < tesm38c-1.26 | Yes |
| Hardware | lenovo | thinkagile_vx_enclosure | - | No |
| Operating System | lenovo | thinksystem_d2_enclosure_firmware | < tesm38c-1.26 | Yes |
| Hardware | lenovo | thinksystem_d2_enclosure | - | No |
| Operating System | lenovo | thinksystem_da240_enclosure_firmware | < umsm10s-1.07 | Yes |
| Hardware | lenovo | thinksystem_da240_enclosure | - | No |
| Operating System | lenovo | thinksystem_dw612_enclosure_firmware | < umsm10s-1.07 | Yes |
| Hardware | lenovo | thinksystem_dw612_enclosure | - | No |

References