CVE-2023-2993
Severity Score
6.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-30 CVE Reserved
- 2023-06-26 CVE Published
- 2024-11-06 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-281: Improper Preservation of Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-127357 | 2023-07-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Nextscale N1200 Enclosure Firmware Search vendor "Lenovo" for product "Nextscale N1200 Enclosure Firmware" | < fhet60b-3.40 Search vendor "Lenovo" for product "Nextscale N1200 Enclosure Firmware" and version " < fhet60b-3.40" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Nextscale N1200 Enclosure Search vendor "Lenovo" for product "Nextscale N1200 Enclosure" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Cp-cb-10 Firmware Search vendor "Lenovo" for product "Thinkagile Cp-cb-10 Firmware" | < tesm38c-1.26 Search vendor "Lenovo" for product "Thinkagile Cp-cb-10 Firmware" and version " < tesm38c-1.26" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Cp-cb-10 Search vendor "Lenovo" for product "Thinkagile Cp-cb-10" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Cp-cb-10e Firmware Search vendor "Lenovo" for product "Thinkagile Cp-cb-10e Firmware" | < tesm38c-1.26 Search vendor "Lenovo" for product "Thinkagile Cp-cb-10e Firmware" and version " < tesm38c-1.26" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Cp-cb-10e Search vendor "Lenovo" for product "Thinkagile Cp-cb-10e" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx Enclosure Certified Node Firmware Search vendor "Lenovo" for product "Thinkagile Hx Enclosure Certified Node Firmware" | < tesm38c-1.26 Search vendor "Lenovo" for product "Thinkagile Hx Enclosure Certified Node Firmware" and version " < tesm38c-1.26" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx Enclosure Certified Node Search vendor "Lenovo" for product "Thinkagile Hx Enclosure Certified Node" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx Enclosure Firmware Search vendor "Lenovo" for product "Thinkagile Vx Enclosure Firmware" | < tesm38c-1.26 Search vendor "Lenovo" for product "Thinkagile Vx Enclosure Firmware" and version " < tesm38c-1.26" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx Enclosure Search vendor "Lenovo" for product "Thinkagile Vx Enclosure" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem D2 Enclosure Firmware Search vendor "Lenovo" for product "Thinksystem D2 Enclosure Firmware" | < tesm38c-1.26 Search vendor "Lenovo" for product "Thinksystem D2 Enclosure Firmware" and version " < tesm38c-1.26" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem D2 Enclosure Search vendor "Lenovo" for product "Thinksystem D2 Enclosure" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Da240 Enclosure Firmware Search vendor "Lenovo" for product "Thinksystem Da240 Enclosure Firmware" | < umsm10s-1.07 Search vendor "Lenovo" for product "Thinksystem Da240 Enclosure Firmware" and version " < umsm10s-1.07" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Da240 Enclosure Search vendor "Lenovo" for product "Thinksystem Da240 Enclosure" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Dw612 Enclosure Firmware Search vendor "Lenovo" for product "Thinksystem Dw612 Enclosure Firmware" | < umsm10s-1.07 Search vendor "Lenovo" for product "Thinksystem Dw612 Enclosure Firmware" and version " < umsm10s-1.07" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Dw612 Enclosure Search vendor "Lenovo" for product "Thinksystem Dw612 Enclosure" | - | - |
Safe
|