CVE-2023-2992

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

Published: Jun 26, 2023
Updated: Jul 6, 2023
CVE: CVE-2023-2992
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
lenovo / nextscale_n1200_enclosure_firmware	-	fhet60b-3.40
lenovo / thinkagile_cp-cb-10_firmware	-	tesm38c-1.26
lenovo / thinkagile_cp-cb-10e_firmware	-	tesm38c-1.26
lenovo / thinkagile_hx_enclosure_certified_node_firmware	-	tesm38c-1.26
lenovo / thinkagile_vx_enclosure_firmware	-	tesm38c-1.26
lenovo / thinksystem_d2_enclosure_firmware	-	tesm38c-1.26
lenovo / thinksystem_da240_enclosure_firmware	-	umsm10s-1.07
lenovo / thinksystem_dw612_enclosure_firmware	-	umsm10s-1.07

https://support.lenovo.com/us/en/product_security/LEN-127357

Vulnerability Database

289,871

CVE-2023-2992