Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-2659

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.2, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 136 products from lenovo, from lenovo, from lenovo and 133 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-04-15T18:15:10.837

Last Modified

2025-07-28T13:06:05.163

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	nextscale_n1200_enclosure_firmware	< FHET62A-3.50	Yes
Hardware	lenovo	nextscale_n1200_enclosure	-	No
Operating System	lenovo	thinkagile_cp-cb-10_firmware	< TESM40B-1.27	Yes
Hardware	lenovo	thinkagile_cp-cb-10	-	No
Operating System	lenovo	thinkagile_cp-cb-10e_firmware	< TESM40B-1.27	Yes
Hardware	lenovo	thinkagile_cp-cb-10e	-	No
Operating System	lenovo	thinkagile_hx_enclosure_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx_enclosure	-	No
Operating System	lenovo	thinkagile_hx3721_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx3721	-	No
Operating System	lenovo	thinkagile_hx1021_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx1021	-	No
Operating System	lenovo	thinkagile_hx_e1_enclosure_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx_e1_enclosure	-	No
Operating System	lenovo	thinkagile_hx_e2_enclosure_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx_e2_enclosure	-	No
Operating System	lenovo	thinkagile_hx1321_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx1321	-	No
Operating System	lenovo	thinkagile_hx2321_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx2321	-	No
Operating System	lenovo	thinkagile_hx3321_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx3321	-	No
Operating System	lenovo	thinkagile_hx1331_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx1331	-	No
Operating System	lenovo	thinkagile_hx2331_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx2331	-	No
Operating System	lenovo	thinkagile_hx3331_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx3331	-	No
Operating System	lenovo	thinkagile_hx630_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx630_v3	-	No
Operating System	lenovo	thinkagile_hx3376_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx3376	-	No
Operating System	lenovo	thinkagile_hx645_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx645_v3	-	No
Operating System	lenovo	thinkagile_hx1521-r_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx1521-r	-	No
Operating System	lenovo	thinkagile_hx3521-g_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx3521-g	-	No
Operating System	lenovo	thinkagile_hx5521_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx5521	-	No
Operating System	lenovo	thinkagile_hx5521-c_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx5521-c	-	No
Operating System	lenovo	thinkagile_hx7521_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx7521	-	No
Operating System	lenovo	thinkagile_hx5531_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx5531	-	No
Operating System	lenovo	thinkagile_hx7531_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx7531	-	No
Operating System	lenovo	thinkagile_hx650_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx650_v3	-	No
Operating System	lenovo	thinkagile_hx665_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx665_v3	-	No
Operating System	lenovo	thinkagile_hx7821_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_hx7821	-	No
Operating System	lenovo	thinkagile_vx3720_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3720	-	No
Operating System	lenovo	thinkagile_2u4n_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_2u4n	-	No
Operating System	lenovo	thinkagile_vx1320_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx1320	-	No
Operating System	lenovo	thinkagile_vx_1se_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx_1se	-	No
Operating System	lenovo	thinkagile_vx3320_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3320	-	No
Operating System	lenovo	thinkagile_vx2320_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx2320	-	No
Operating System	lenovo	thinkagile_vx7320-n_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx7320-n	-	No
Operating System	lenovo	thinkagile_vx_1u_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx_1u	-	No
Operating System	lenovo	thinkagile_vx2330_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx2330	-	No
Operating System	lenovo	thinkagile_vx3330_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3330	-	No
Operating System	lenovo	thinkagile_vx7330-n_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx7330-n	-	No
Operating System	lenovo	thinkagile_vx3331_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3331	-	No
Operating System	lenovo	thinkagile_vx630_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx630_v3	-	No
Operating System	lenovo	thinkagile_vx630_v4_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx630_v4	-	No
Operating System	lenovo	thinkagile_vx635_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx635_v3	-	No
Operating System	lenovo	thinkagile_vx2375_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx2375	-	No
Operating System	lenovo	thinkagile_vx3375_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3375	-	No
Operating System	lenovo	thinkagile_vx7375-n_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx7375-n	-	No
Operating System	lenovo	thinkagile_vx3376_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3376	-	No
Operating System	lenovo	thinkagile_vx645_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx645_v3	-	No
Operating System	lenovo	thinkagile_vx5520_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx5520	-	No
Operating System	lenovo	thinkagile_vx7520_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx7520	-	No
Operating System	lenovo	thinkagile_vx3520-g_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3520-g	-	No
Operating System	lenovo	thinkagile_vx5520_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx5520	-	No
Operating System	lenovo	thinkagile_vx_2u_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx_2u	-	No
Operating System	lenovo	thinkagile_vx3530-g_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3530-g	-	No
Operating System	lenovo	thinkagile_vx5530_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx5530	-	No
Operating System	lenovo	thinkagile_vx7530_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx7530	-	No
Operating System	lenovo	thinkagile_vx7531_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx7531	-	No
Operating System	lenovo	thinkagile_vx650_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx650_v3	-	No
Operating System	lenovo	thinkagile_vx650_v4_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx650_v4	-	No
Operating System	lenovo	thinkagile_vx655_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx655_v3	-	No
Operating System	lenovo	thinkagile_vx5575_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx5575	-	No
Operating System	lenovo	thinkagile_vx7575_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx7575	-	No
Operating System	lenovo	thinkagile_vx3575-g_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx3575-g	-	No
Operating System	lenovo	thinkagile_vx665_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx665_v3	-	No
Operating System	lenovo	thinkagile_vx850_v3_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx850_v3	-	No
Operating System	lenovo	thinkagile_vx_4u_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx_4u	-	No
Operating System	lenovo	thinkagile_vx7820_firmware	< tesm40b-1.27	Yes
Hardware	lenovo	thinkagile_vx7820	-	No
Operating System	lenovo	thinksystem_d2_enclosure_firmware	< TESM40B-1.27	Yes
Hardware	lenovo	thinksystem_d2_enclosure	-	No
Operating System	lenovo	thinksystem_da240_firmware	< UMSM12I-1.1.3	Yes
Hardware	lenovo	thinksystem_da240	-	No
Operating System	lenovo	thinksystem_dw612_firmware	< UMSM12I-1.1.3	Yes
Hardware	lenovo	thinksystem_dw612	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-140420 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-140420 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.