CVE-2023-2992

Published: Jun 26, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

Affected (8)

Products: Lenovo: Nextscale N1200 Enclosure Firmware, Thinkagile Cp Cb 10 Firmware, Thinkagile Cp Cb 10e Firmware, Thinkagile Hx Enclosure Certified Node Firmware, Thinkagile Vx Enclosure Firmware, Thinksystem D2 Enclosure Firmware, Thinksystem Da240 Enclosure Firmware, Thinksystem Dw612 Enclosure Firmware

Lenovo

8 products

Nextscale N1200 Enclosure Firmware

Thinkagile Cp Cb 10 Firmware

Thinkagile Cp Cb 10e Firmware

Thinkagile Hx Enclosure Certified Node Firmware

Thinkagile Vx Enclosure Firmware

Thinksystem D2 Enclosure Firmware

Thinksystem Da240 Enclosure Firmware

Thinksystem Dw612 Enclosure Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Nextscale N1200 Enclosure Firmware	Before fhet60b-3.40

Running on/with	Platform Versions
Lenovo Nextscale N1200 Enclosure	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Cp Cb 10 Firmware	Before tesm38c-1.26

Running on/with	Platform Versions
Lenovo Thinkagile Cp Cb 10	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Cp Cb 10e Firmware	Before tesm38c-1.26

Running on/with	Platform Versions
Lenovo Thinkagile Cp Cb 10e	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx Enclosure Certified Node Firmware	Before tesm38c-1.26

Running on/with	Platform Versions
Lenovo Thinkagile Hx Enclosure Certified Node	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx Enclosure Firmware	Before tesm38c-1.26

Running on/with	Platform Versions
Lenovo Thinkagile Vx Enclosure	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem D2 Enclosure Firmware	Before tesm38c-1.26

Running on/with	Platform Versions
Lenovo Thinksystem D2 Enclosure	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem Da240 Enclosure Firmware	Before umsm10s-1.07

Running on/with	Platform Versions
Lenovo Thinksystem Da240 Enclosure	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem Dw612 Enclosure Firmware	Before umsm10s-1.07

Running on/with	Platform Versions
Lenovo Thinksystem Dw612 Enclosure	All versions

Related CWEs

CWE-405

Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

References (2)

https://support.lenovo.com/us/en/product_security/LEN-127357

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-127357

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.