CVE-2024-2659

Published: Apr 15, 2024Modified: Jul 28, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: psirt@lenovo.com (Secondary)

Description

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.

Affected (68)

Lenovo

68 products

Nextscale N1200 Enclosure Firmware

Thinkagile Cp Cb 10 Firmware

Thinkagile Cp Cb 10e Firmware

Thinkagile Hx Enclosure Firmware

Thinkagile Hx3721 Firmware

Thinkagile Hx1021 Firmware

Thinkagile Hx E1 Enclosure Firmware

Thinkagile Hx E2 Enclosure Firmware

Thinkagile Hx1321 Firmware

Thinkagile Hx2321 Firmware

Thinkagile Hx3321 Firmware

Thinkagile Hx1331 Firmware

Thinkagile Hx2331 Firmware

Thinkagile Hx3331 Firmware

Thinkagile Hx630 V3 Firmware

Thinkagile Hx3376 Firmware

Thinkagile Hx645 V3 Firmware

Thinkagile Hx1521 R Firmware

Thinkagile Hx3521 G Firmware

Thinkagile Hx5521 Firmware

Thinkagile Hx5521 C Firmware

Thinkagile Hx7521 Firmware

Thinkagile Hx5531 Firmware

Thinkagile Hx7531 Firmware

Thinkagile Hx650 V3 Firmware

Thinkagile Hx665 V3 Firmware

Thinkagile Hx7821 Firmware

Thinkagile Vx3720 Firmware

Thinkagile 2u4n Firmware

Thinkagile Vx1320 Firmware

Thinkagile Vx 1se Firmware

Thinkagile Vx3320 Firmware

Thinkagile Vx2320 Firmware

Thinkagile Vx7320 N Firmware

Thinkagile Vx 1u Firmware

Thinkagile Vx2330 Firmware

Thinkagile Vx3330 Firmware

Thinkagile Vx7330 N Firmware

Thinkagile Vx3331 Firmware

Thinkagile Vx630 V3 Firmware

Thinkagile Vx630 V4 Firmware

Thinkagile Vx635 V3 Firmware

Thinkagile Vx2375 Firmware

Thinkagile Vx3375 Firmware

Thinkagile Vx7375 N Firmware

Thinkagile Vx3376 Firmware

Thinkagile Vx645 V3 Firmware

Thinkagile Vx7520 Firmware

Thinkagile Vx3520 G Firmware

Thinkagile Vx5520 Firmware

Thinkagile Vx 2u Firmware

Thinkagile Vx3530 G Firmware

Thinkagile Vx5530 Firmware

Thinkagile Vx7530 Firmware

Thinkagile Vx7531 Firmware

Thinkagile Vx650 V3 Firmware

Thinkagile Vx650 V4 Firmware

Thinkagile Vx655 V3 Firmware

Thinkagile Vx5575 Firmware

Thinkagile Vx7575 Firmware

Thinkagile Vx3575 G Firmware

Thinkagile Vx665 V3 Firmware

Thinkagile Vx850 V3 Firmware

Thinkagile Vx 4u Firmware

Thinkagile Vx7820 Firmware

Thinksystem D2 Enclosure Firmware

Thinksystem Da240 Firmware

Thinksystem Dw612 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Nextscale N1200 Enclosure Firmware	Before FHET62A-3.50

Running on/with	Platform Versions
Lenovo Nextscale N1200 Enclosure	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Cp Cb 10 Firmware	Before TESM40B-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Cp Cb 10	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Cp Cb 10e Firmware	Before TESM40B-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Cp Cb 10e	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx Enclosure Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx Enclosure	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx3721 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx3721	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx1021 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx1021	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx E1 Enclosure Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx E1 Enclosure	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx E2 Enclosure Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx E2 Enclosure	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx1321 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx1321	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx2321 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx2321	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx3321 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx3321	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx1331 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx1331	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx2331 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx2331	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx3331 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx3331	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx630 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx630 V3	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx3376 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx3376	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx645 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx645 V3	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx1521 R Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx1521 R	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx3521 G Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx3521 G	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx5521 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx5521	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx5521 C Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx5521 C	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx7521 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx7521	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx5531 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx5531	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx7531 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx7531	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx650 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx650 V3	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx665 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx665 V3	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Hx7821 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Hx7821	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3720 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3720	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile 2u4n Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile 2u4n	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx1320 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx1320	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx 1se Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx 1se	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3320 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3320	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx2320 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx2320	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx7320 N Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx7320 N	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx 1u Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx 1u	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx2330 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx2330	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3330 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3330	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx7330 N Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx7330 N	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3331 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3331	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx630 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx630 V3	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx630 V4 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx630 V4	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx635 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx635 V3	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx2375 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx2375	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3375 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3375	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx7375 N Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx7375 N	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3376 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3376	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx645 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx645 V3	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx7520 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx7520	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3520 G Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3520 G	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx5520 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx5520	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx 2u Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx 2u	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3530 G Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3530 G	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx5530 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx5530	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx7530 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx7530	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx7531 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx7531	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx650 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx650 V3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx650 V4 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx650 V4	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx655 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx655 V3	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx5575 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx5575	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx7575 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx7575	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx3575 G Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx3575 G	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx665 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx665 V3	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx850 V3 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx850 V3	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx 4u Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx 4u	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkagile Vx7820 Firmware	Before tesm40b-1.27

Running on/with	Platform Versions
Lenovo Thinkagile Vx7820	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem D2 Enclosure Firmware	Before TESM40B-1.27

Running on/with	Platform Versions
Lenovo Thinksystem D2 Enclosure	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem Da240 Firmware	Before UMSM12I-1.1.3

Running on/with	Platform Versions
Lenovo Thinksystem Da240	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinksystem Dw612 Firmware	Before UMSM12I-1.1.3

Running on/with	Platform Versions
Lenovo Thinksystem Dw612	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-140420

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-140420

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.