Nextscale N1200 Enclosure Firmware
CVE-2023-2992
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
AnalysisAI
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-405. An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. Affected products include: Lenovo Nextscale N1200 Enclosure Firmware, Lenovo Thinkagile Cp-Cb-10 Firmware, Lenovo Thinkagile Cp-Cb-10E Firmware, Lenovo Thinkagile Hx Enclosure Certified Node Firmware, Lenovo Thinkagile Vx Enclosure Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevate
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API ca
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today