API Command Execution Vulnerability in Lenovo's SMM and FPC Products
CVE-2023-2993
5.4 MEDIUM
Key Information:
- Vendor: Lenovo
- CVE Published: 26 June 2023
What is CVE-2023-2993?
An authenticated user with limited privileges may exploit a security flaw in Lenovo's SMM v1, SMM v2, and FPC products. By sending crafted API calls to the web management server, the user can execute commands that their restricted access level would normally prevent. This vulnerability underscores the importance of reviewing user permissions and securing API endpoints to prevent unauthorized command execution.
Affected Version(s)
- Fan Power Controller (FPC): various
- System Management Module (SMM): various