Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-23591

ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.

Published

2024-02-16T17:15:08.800

Last Modified

2025-07-23T15:15:30.030

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.0 (LOW)

Weaknesses

Type: Secondary
CWE-1269
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	thinksystem_sr670_v2_firmware	< u8e126i-2.20	Yes
Hardware	lenovo	thinksystem_sr670_v2	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-150020 ([email protected])
https://https://support.lenovo.com/us/en/product_security/LEN-150020 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)