CVE-2023-2992
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Lenovo | System Management Module (SMM) | various | affected |
| Lenovo | Fan Power Controller (FPC) | various | affected |
Weaknesses
- CWE-405: CWE-405: Asymmetric Resource Consumption (Amplification)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.