Authentication Bypass Vulnerability in IPMI Could Lead to Limited System Information Exposure
CVE-2023-4857

7.5HIGH

Key Information:

Vendor: Lenovo
Status: Smm, Smm2, Fpc
Vendor: CVE Published:; 15 April 2024

What is CVE-2023-4857?

An authentication bypass vulnerability exists in Lenovo's SMM/SMM2 and FPC products, potentially allowing authenticated users to execute specific Intelligent Platform Management Interface (IPMI) calls. This could result in the exposure of limited and sensitive system information, posing significant security risks for affected environments. It is essential for users and administrators to be aware of this vulnerability to implement appropriate security measures and mitigate potential threats.

Affected Version(s)

SMM, SMM2, FPC various

References

https://support.lenovo.com/us/en/product_security/LEN-140420

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Sep 8, 2023