6.3
CVE-2023-2993
- EPSS 0.08%
- Published 26.06.2023 20:15:10
- Last modified 21.11.2024 07:59:42
- Source psirt@lenovo.com
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ Nextscale N1200 Enclosure Firmware Version < fhet60b-3.40
Lenovo ≫ Thinkagile Cp-cb-10 Firmware Version < tesm38c-1.26
Lenovo ≫ Thinkagile Cp-cb-10e Firmware Version < tesm38c-1.26
Lenovo ≫ Thinkagile Hx Enclosure Certified Node Firmware Version < tesm38c-1.26
Lenovo ≫ Thinkagile Vx Enclosure Firmware Version < tesm38c-1.26
Lenovo ≫ Thinksystem D2 Enclosure Firmware Version < tesm38c-1.26
Lenovo ≫ Thinksystem Da240 Enclosure Firmware Version < umsm10s-1.07
Lenovo ≫ Thinksystem Dw612 Enclosure Firmware Version < umsm10s-1.07
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.08% | 0.245 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.3 | 2.8 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
psirt@lenovo.com | 5.4 | 2.8 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.