MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2023-2993

CVSS 5.4v3.1pub. 2023-06-26upd. 2024-11-21

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Lenovo Nextscale N1200 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Nextscale N1200 Enclosure Firmware

    OS
    Lenovo
    < fhet60b-3.40
  • Lenovo Thinkagile Cp Cb 10

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Cp Cb 10e

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Cp Cb 10e Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinkagile Cp Cb 10 Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinkagile Hx Enclosure Certified Node

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx Enclosure Certified Node Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinkagile Vx Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx Enclosure Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinksystem D2 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem D2 Enclosure Firmware

    OS
    Lenovo
    < tesm38c-1.26
  • Lenovo Thinksystem Da240 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem Da240 Enclosure Firmware

    OS
    Lenovo
    < umsm10s-1.07
  • Lenovo Thinksystem Dw612 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem Dw612 Enclosure Firmware

    OS
    Lenovo
    < umsm10s-1.07
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-3849CRITICAL9.8ten sam produkt

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2...

CVE-2021-3897CRITICAL9.8ten sam produkt

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controlle...

CVE-2024-2659HIGH7.2ten sam produkt

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...

CVE-2023-2992HIGH7.5ten sam produkt

An unauthenticated Β denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web serve...

CVE-2022-34884HIGH7.2ten sam produkt

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...

CVE-2023-2993 β€” Lenovo β€” Nextscale N1200 Enclosure β€” MEDIUM β€” CVSS 5.4 | CVEbaza.pl