PT-2024-3581 · Lenovo · Cp-Cb-10+3
Published
2024-04-09
·
Updated
2024-07-11
·
CVE-2024-2659
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Lenovo ThinkSystem, ThinkAgile, NeXtScale, and Lenovo CP-CB-10 (affected versions not specified)
SMM/SMM2 and FPC (affected versions not specified)
Description
A command injection issue was identified in the System Management Module (SMM/SMM2) and Fan Power Controller (FPC) that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function. This could potentially be exploited by a remote attacker to execute arbitrary commands.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cp-Cb-10
Lenovo Thinksystem
Nextscale
Thinkagile