7.5
CVE-2023-2992
- EPSS 0.22%
- Veröffentlicht 26.06.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 07:59:42
- Quelle psirt@lenovo.com
- Teams Watchlist Login
- Unerledigt Login
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lenovo ≫ Nextscale N1200 Enclosure Firmware Version < fhet60b-3.40
Lenovo ≫ Thinkagile Cp-cb-10 Firmware Version < tesm38c-1.26
Lenovo ≫ Thinkagile Cp-cb-10e Firmware Version < tesm38c-1.26
Lenovo ≫ Thinkagile Hx Enclosure Certified Node Firmware Version < tesm38c-1.26
Lenovo ≫ Thinkagile Vx Enclosure Firmware Version < tesm38c-1.26
Lenovo ≫ Thinksystem D2 Enclosure Firmware Version < tesm38c-1.26
Lenovo ≫ Thinksystem Da240 Enclosure Firmware Version < umsm10s-1.07
Lenovo ≫ Thinksystem Dw612 Enclosure Firmware Version < umsm10s-1.07
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.446 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| psirt@lenovo.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-405 Asymmetric Resource Consumption (Amplification)
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."