Format String Vulnerability Affects API Endpoint
CVE-2023-4856
8.8HIGH
What is CVE-2023-4856?
A format string vulnerability has been identified in Lenovo's SMM/SMM2 and FPC products. This flaw could enable an authenticated user to execute arbitrary commands via a specific API endpoint, potentially compromising system integrity and security. Users of affected Lenovo products should take immediate action to mitigate risks associated with this vulnerability.
Affected Version(s)
SMM, SMM2, FPC various