Hidden Server Vulnerability Could Allow Local Attackers to Execute Arbitrary Code
CVE-2024-45105
6.7MEDIUM
Key Information:
- Vendor
Lenovo
- Status
- Vendor
- CVE Published:
- 13 September 2024
What is CVE-2024-45105?
An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.
Affected Version(s)
HX1331 Certified Node (ThinkAgile) BIOS 0
HX2330 Appliance (ThinkAgile) BIOS 0
HX2331 Certified Node (ThinkAgile) BIOS 0