Denial of Service Vulnerability in Lenovo SMM and FPC Management Web Server
CVE-2023-2992

7.5HIGH

Key Information:

Vendor: Lenovo
Status: System Management Module (smm); Fan Power Controller (fpc)
Vendor: CVE Published:; 26 June 2023

Summary

An unauthenticated denial of service vulnerability has been identified in Lenovo's SMM v1, SMM v2, and FPC management web servers. This vulnerability can be exploited under specific crafted conditions, potentially disrupting access to the management functionality. To regain access, a reboot of the SMM or FPC server is required. Organizations should take precautionary steps to mitigate the risks associated with this vulnerability.

Affected Version(s)

Fan Power Controller (FPC) various

System Management Module (SMM) various

References

https://support.lenovo.com/us/en/product_security/LEN-127357

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 26, 2023
Vulnerability Reserved
May 30, 2023