A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.
References
Link | Resource |
---|---|
https://support.lenovo.com/us/en/product_security/LEN-127357 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
05 Jul 2023, 17:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://support.lenovo.com/us/en/product_security/LEN-127357 - Vendor Advisory | |
First Time |
Lenovo thinkagile Cp-cb-10
Lenovo thinksystem D2 Enclosure Firmware Lenovo thinksystem Dw612 Enclosure Firmware Lenovo thinkagile Vx Enclosure Lenovo thinkagile Cp-cb-10 Firmware Lenovo thinksystem D2 Enclosure Lenovo nextscale N1200 Enclosure Lenovo thinkagile Vx Enclosure Firmware Lenovo thinksystem Da240 Enclosure Lenovo thinkagile Hx Enclosure Certified Node Lenovo thinksystem Da240 Enclosure Firmware Lenovo thinksystem Dw612 Enclosure Lenovo thinkagile Cp-cb-10e Lenovo Lenovo thinkagile Hx Enclosure Certified Node Firmware Lenovo nextscale N1200 Enclosure Firmware Lenovo thinkagile Cp-cb-10e Firmware |
|
CWE | CWE-281 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
CPE | cpe:2.3:o:lenovo:thinksystem_d2_enclosure_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinksystem_dw612_enclosure:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinksystem_dw612_enclosure_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkagile_cp-cb-10:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinksystem_d2_enclosure:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkagile_hx_enclosure_certified_node:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkagile_cp-cb-10e:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinksystem_da240_enclosure_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinksystem_da240_enclosure:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkagile_vx_enclosure:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:nextscale_n1200_enclosure:-:*:*:*:*:*:*:* cpe:2.3:o:lenovo:thinkagile_vx_enclosure_firmware:*:*:*:*:*:*:*:* |
26 Jun 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-26 20:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-2993
Mitre link : CVE-2023-2993
CVE.ORG link : CVE-2023-2993
JSON object : View
Products Affected
lenovo
- thinkagile_vx_enclosure_firmware
- thinksystem_da240_enclosure
- thinksystem_d2_enclosure
- thinksystem_dw612_enclosure_firmware
- thinksystem_dw612_enclosure
- thinkagile_vx_enclosure
- thinkagile_cp-cb-10_firmware
- thinksystem_d2_enclosure_firmware
- thinkagile_cp-cb-10e_firmware
- thinkagile_cp-cb-10
- nextscale_n1200_enclosure
- nextscale_n1200_enclosure_firmware
- thinkagile_hx_enclosure_certified_node
- thinksystem_da240_enclosure_firmware
- thinkagile_cp-cb-10e
- thinkagile_hx_enclosure_certified_node_firmware
CWE
CWE-281
Improper Preservation of Permissions