CVE-2023-4855

Name of the Vulnerable Software and Affected Versions Lenovo ThinkSystem, ThinkAgile, NeXtScale, and Lenovo CP-CB-10 (affected versions not specified)

Description A command injection issue exists due to the failure to neutralize special elements used in an operating system command. This could allow a remote attacker to execute arbitrary commands. The vulnerability is identified in the System Management Module (SMM/SMM2) and Fan Power Controller (FPC) firmware of Lenovo systems. An authenticated user with elevated privileges could execute unauthorized commands via IPMI.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.