CVE-2023-4857

Name of the Vulnerable Software and Affected Versions Lenovo ThinkSystem, ThinkAgile, NeXtScale, and Lenovo CP-CB-10 (affected versions not specified)

Description The issue is related to an authentication bypass vulnerability in the System Management Module (SMM/SMM2) and Fan Power Controller (FPC) firmware of Lenovo systems. This vulnerability could allow an authenticated user to execute certain IPMI calls, potentially leading to the exposure of limited system information. The vulnerability is associated with the lack of authentication for a critical function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.