CVE-2024-2659
https://notcve.org/view.php?id=CVE-2024-2659
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function. Se identificó una vulnerabilidad de inyección de comandos en SMM/SMM2 y FPC que podría permitir que un usuario autenticado con privilegios elevados ejecute comandos del sistema al realizar una función administrativa específica. • https://support.lenovo.com/us/en/product_security/LEN-140420 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-4857
https://notcve.org/view.php?id=CVE-2023-4857
An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information. Se identificó una vulnerabilidad de omisión de autenticación en SMM/SMM2 y FPC que podría permitir a un usuario autenticado ejecutar ciertas llamadas IPMI que podrían provocar la exposición de información limitada del sistema. • https://support.lenovo.com/us/en/product_security/LEN-140420 • CWE-306: Missing Authentication for Critical Function •
CVE-2023-4856
https://notcve.org/view.php?id=CVE-2023-4856
A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint. Se identificó una vulnerabilidad de cadena de formato en SMM/SMM2 y FPC que podría permitir a un usuario autenticado ejecutar comandos arbitrarios en un endpoint API específico. • https://support.lenovo.com/us/en/product_security/LEN-140420 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-4855
https://notcve.org/view.php?id=CVE-2023-4855
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI. Se identificó una vulnerabilidad de inyección de comandos en SMM/SMM2 y FPC que podría permitir que un usuario autenticado con privilegios elevados ejecute comandos no autorizados a través de IPMI. • https://support.lenovo.com/us/en/product_security/LEN-140420 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •