CVE-2023-2992

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:nextscale_n1200_enclosure:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cp-cb-10:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cp-cb-10e:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_hx_enclosure_certified_node:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:lenovo:thinkagile_vx_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_vx_enclosure:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:lenovo:thinksystem_d2_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_d2_enclosure:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:lenovo:thinksystem_da240_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_da240_enclosure:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:lenovo:thinksystem_dw612_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_dw612_enclosure:-:*:*:*:*:*:*:*

History

16 Sep 2024, 15:15

Type Values Removed Values Added
CWE CWE-400 CWE-405

05 Jul 2023, 17:27

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:o:lenovo:thinksystem_d2_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_dw612_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinksystem_dw612_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cp-cb-10:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_d2_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_hx_enclosure_certified_node:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_cp-cb-10e:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinksystem_da240_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinksystem_da240_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:thinkagile_vx_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:nextscale_n1200_enclosure:-:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:thinkagile_vx_enclosure_firmware:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Lenovo thinkagile Cp-cb-10
Lenovo thinksystem D2 Enclosure Firmware
Lenovo thinksystem Dw612 Enclosure Firmware
Lenovo thinkagile Vx Enclosure
Lenovo thinkagile Cp-cb-10 Firmware
Lenovo thinksystem D2 Enclosure
Lenovo nextscale N1200 Enclosure
Lenovo thinkagile Vx Enclosure Firmware
Lenovo thinksystem Da240 Enclosure
Lenovo thinkagile Hx Enclosure Certified Node
Lenovo thinksystem Da240 Enclosure Firmware
Lenovo thinksystem Dw612 Enclosure
Lenovo thinkagile Cp-cb-10e
Lenovo
Lenovo thinkagile Hx Enclosure Certified Node Firmware
Lenovo nextscale N1200 Enclosure Firmware
Lenovo thinkagile Cp-cb-10e Firmware
References (MISC) https://support.lenovo.com/us/en/product_security/LEN-127357 - (MISC) https://support.lenovo.com/us/en/product_security/LEN-127357 - Vendor Advisory

26 Jun 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-26 20:15

Updated : 2024-09-16 15:15


NVD link : CVE-2023-2992

Mitre link : CVE-2023-2992

CVE.ORG link : CVE-2023-2992


JSON object : View

Products Affected

lenovo

  • thinkagile_cp-cb-10_firmware
  • nextscale_n1200_enclosure_firmware
  • thinksystem_d2_enclosure_firmware
  • thinkagile_hx_enclosure_certified_node_firmware
  • nextscale_n1200_enclosure
  • thinkagile_vx_enclosure_firmware
  • thinksystem_da240_enclosure_firmware
  • thinksystem_d2_enclosure
  • thinkagile_vx_enclosure
  • thinkagile_cp-cb-10e_firmware
  • thinkagile_hx_enclosure_certified_node
  • thinksystem_da240_enclosure
  • thinkagile_cp-cb-10
  • thinksystem_dw612_enclosure
  • thinksystem_dw612_enclosure_firmware
  • thinkagile_cp-cb-10e
CWE
NVD-CWE-noinfo CWE-405

Asymmetric Resource Consumption (Amplification)