Denial of Service Vulnerability in Lenovo SMM and FPC Management Web Server
CVE-2023-2992
7.5HIGH
Key Information:
- Vendor
Lenovo
- Vendor
- CVE Published:
- 26 June 2023
What is CVE-2023-2992?
An unauthenticated denial of service vulnerability has been identified in Lenovo's SMM v1, SMM v2, and FPC management web servers. This vulnerability can be exploited under specific crafted conditions, potentially disrupting access to the management functionality. To regain access, a reboot of the SMM or FPC server is required. Organizations should take precautionary steps to mitigate the risks associated with this vulnerability.
Affected Version(s)
Fan Power Controller (FPC) various
System Management Module (SMM) various