CVE-2023-2993 — MEDIUM (5.4)

Q: How severe is CVE-2023-2993?

CVE-2023-2993 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-2993?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Nextscale N1200 Enclosure Firmware, Lenovo Nextscale N1200 Enclosure, Lenovo Thinkagile Cp-Cb-10 Firmware, Lenovo Thinkagile Cp-Cb-10, Lenovo Thinkagile Cp-Cb-10E Firmware.

Vulnerability Description

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Lenovo	Nextscale N1200 Enclosure Firmware	< fhet60b-3.40
Lenovo	Nextscale N1200 Enclosure	-
Lenovo	Thinkagile Cp-Cb-10 Firmware	< tesm38c-1.26
Lenovo	Thinkagile Cp-Cb-10	-
Lenovo	Thinkagile Cp-Cb-10E Firmware	< tesm38c-1.26
Lenovo	Thinkagile Cp-Cb-10E	-
Lenovo	Thinkagile Hx Enclosure Certified Node Firmware	< tesm38c-1.26
Lenovo	Thinkagile Hx Enclosure Certified Node	-
Lenovo	Thinkagile Vx Enclosure Firmware	< tesm38c-1.26
Lenovo	Thinkagile Vx Enclosure	-
Lenovo	Thinksystem D2 Enclosure Firmware	< tesm38c-1.26
Lenovo	Thinksystem D2 Enclosure	-
Lenovo	Thinksystem Da240 Enclosure Firmware	< umsm10s-1.07
Lenovo	Thinksystem Da240 Enclosure	-
Lenovo	Thinksystem Dw612 Enclosure Firmware	< umsm10s-1.07
Lenovo	Thinksystem Dw612 Enclosure	-

Related Weaknesses (CWE)

CWE-281

References

https://support.lenovo.com/us/en/product_security/LEN-127357Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-127357Vendor Advisory

FAQ

What is CVE-2023-2993?

CVE-2023-2993 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the ...

How severe is CVE-2023-2993?

CVE-2023-2993 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-2993?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Nextscale N1200 Enclosure Firmware, Lenovo Nextscale N1200 Enclosure, Lenovo Thinkagile Cp-Cb-10 Firmware, Lenovo Thinkagile Cp-Cb-10, Lenovo Thinkagile Cp-Cb-10E Firmware.