CVE-2023-2992

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:nextscale_n1200_enclosure:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cp-cb-10:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cp-cb-10e:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_hx_enclosure_certified_node:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:lenovo:thinkagile_vx_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_vx_enclosure:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:lenovo:thinksystem_d2_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_d2_enclosure:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:lenovo:thinksystem_da240_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_da240_enclosure:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:lenovo:thinksystem_dw612_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_dw612_enclosure:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:59

Type Values Removed Values Added
References () https://support.lenovo.com/us/en/product_security/LEN-127357 - Vendor Advisory () https://support.lenovo.com/us/en/product_security/LEN-127357 - Vendor Advisory

16 Sep 2024, 15:15

Type Values Removed Values Added
CWE CWE-400 CWE-405

05 Jul 2023, 17:27

Type Values Removed Values Added
CPE cpe:2.3:o:lenovo:thinksystem_d2_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_dw612_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinksystem_dw612_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cp-cb-10:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_d2_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_hx_enclosure_certified_node:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cp-cb-10e:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinksystem_da240_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_da240_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_vx_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:nextscale_n1200_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkagile_vx_enclosure_firmware:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References (MISC) https://support.lenovo.com/us/en/product_security/LEN-127357 - (MISC) https://support.lenovo.com/us/en/product_security/LEN-127357 - Vendor Advisory
First Time Lenovo thinkagile Cp-cb-10
Lenovo thinksystem D2 Enclosure Firmware
Lenovo thinksystem Dw612 Enclosure Firmware
Lenovo thinkagile Vx Enclosure
Lenovo thinkagile Cp-cb-10 Firmware
Lenovo thinksystem D2 Enclosure
Lenovo nextscale N1200 Enclosure
Lenovo thinkagile Vx Enclosure Firmware
Lenovo thinksystem Da240 Enclosure
Lenovo thinkagile Hx Enclosure Certified Node
Lenovo thinksystem Da240 Enclosure Firmware
Lenovo thinksystem Dw612 Enclosure
Lenovo thinkagile Cp-cb-10e
Lenovo
Lenovo thinkagile Hx Enclosure Certified Node Firmware
Lenovo nextscale N1200 Enclosure Firmware
Lenovo thinkagile Cp-cb-10e Firmware
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

26 Jun 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-26 20:15

Updated : 2024-11-21 07:59


NVD link : CVE-2023-2992

Mitre link : CVE-2023-2992

CVE.ORG link : CVE-2023-2992


JSON object : View

Products Affected

lenovo

  • thinkagile_vx_enclosure_firmware
  • thinkagile_hx_enclosure_certified_node
  • nextscale_n1200_enclosure_firmware
  • thinkagile_cp-cb-10e
  • thinkagile_vx_enclosure
  • thinksystem_da240_enclosure
  • thinksystem_dw612_enclosure
  • thinkagile_cp-cb-10_firmware
  • nextscale_n1200_enclosure
  • thinkagile_cp-cb-10e_firmware
  • thinkagile_cp-cb-10
  • thinksystem_d2_enclosure_firmware
  • thinkagile_hx_enclosure_certified_node_firmware
  • thinksystem_dw612_enclosure_firmware
  • thinksystem_d2_enclosure
  • thinksystem_da240_enclosure_firmware
CWE
CWE-405

Asymmetric Resource Consumption (Amplification)

NVD-CWE-noinfo