Vulnerability Database

309,961

Total vulnerabilities in the database

CVE-2023-2992

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

Published: Jun 26, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-2992
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-405

Affected Software
References

Software	From	Fixed in
lenovo / nextscale_n1200_enclosure_firmware	-	fhet60b-3.40
lenovo / thinkagile_cp-cb-10_firmware	-	tesm38c-1.26
lenovo / thinkagile_cp-cb-10e_firmware	-	tesm38c-1.26
lenovo / thinkagile_hx_enclosure_certified_node_firmware	-	tesm38c-1.26
lenovo / thinkagile_vx_enclosure_firmware	-	tesm38c-1.26
lenovo / thinksystem_d2_enclosure_firmware	-	tesm38c-1.26
lenovo / thinksystem_da240_enclosure_firmware	-	umsm10s-1.07
lenovo / thinksystem_dw612_enclosure_firmware	-	umsm10s-1.07

https://support.lenovo.com/us/en/product_security/LEN-127357

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo