Hidden Server Vulnerability Could Allow Local Attackers to Execute Arbitrary Code

CVE-2024-45105

6.7MEDIUM

Key Information

Vendor
Lenovo
Status
Hx5530 Appliance (thinkagile) BiOS
Hx645 V3 Integrated System (thinkagile) BiOS
Hx665 V3 Certified Node (thinkagile) BiOS
St250 V3 (thinksystem) BiOS
Vendor
CVE Published:
13 September 2024

Summary

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.

Affected Version(s)

HX5530 Appliance (ThinkAgile) BIOS < 0

HX645 V3 Integrated System (ThinkAgile) BIOS < 0

HX665 V3 Certified Node (ThinkAgile) BIOS < 0

References

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.