Format String Vulnerability Affects API Endpoint
CVE-2023-4856

8.8HIGH

Key Information:

Vendor: Lenovo
Status: Smm, Smm2, Fpc
Vendor: CVE Published:; 15 April 2024

What is CVE-2023-4856?

A format string vulnerability has been identified in Lenovo's SMM/SMM2 and FPC products. This flaw could enable an authenticated user to execute arbitrary commands via a specific API endpoint, potentially compromising system integrity and security. Users of affected Lenovo products should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

SMM, SMM2, FPC various

References

https://support.lenovo.com/us/en/product_security/LEN-140420

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Sep 8, 2023