Description

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

Related CPE's

o

lenovo

nextscale_n1200_enclosure_firmware

Vulnerable

h

lenovo

nextscale_n1200_enclosure

-

o

lenovo

thinkagile_cp-cb-10_firmware

Vulnerable

h

lenovo

thinkagile_cp-cb-10

-

o

lenovo

thinkagile_cp-cb-10e_firmware

Vulnerable

h

lenovo

thinkagile_cp-cb-10e

-

o

lenovo

thinkagile_hx_enclosure_certified_node_firmware

Vulnerable

h

lenovo

thinkagile_hx_enclosure_certified_node

-

o

lenovo

thinkagile_vx_enclosure_firmware

Vulnerable

h

lenovo

thinkagile_vx_enclosure

-

o

lenovo

thinksystem_d2_enclosure_firmware

Vulnerable

h

lenovo

thinksystem_d2_enclosure

-

o

lenovo

thinksystem_da240_enclosure_firmware

Vulnerable

h

lenovo

thinksystem_da240_enclosure

-

o

lenovo

thinksystem_dw612_enclosure_firmware

Vulnerable

h

lenovo

thinksystem_dw612_enclosure

-

References

https://support.lenovo.com/us/en/product_security/LEN-127357

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

[email protected]

Secondary
CWE-405

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-06-26T20:15:09.933

1 year ago

Last modified

2024-09-16T15:15:13.580

7 months ago