Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-4857
PUBLISHED
More InfoOfficial Page
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
View Known Exploited Vulnerability (KEV) details
Published At-15 Apr, 2024 | 18:00
Updated At-02 Aug, 2024 | 07:38
Rejected At-
▼CVE Numbering Authority (CNA)

An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
SMM, SMM2, FPC
Default Status
unaffected
Versions
Affected
  • various
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update SMM/SMM2 or FPC to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-140420    

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-140420
N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-140420
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Lenovo Group Limitedlenovo
Product
fan_power_controller
CPEs
  • cpe:2.3:a:lenovo:fan_power_controller:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before fhet62a-3.50 (custom)
Vendor
Lenovo Group Limitedlenovo
Product
system_management_module_firmware
CPEs
  • cpe:2.3:o:lenovo:system_management_module_firmware:1.24:*:*:*:*:*:*:*
Default Status
affected
Versions
Affected
  • From 1.24 before tesm40b-1.27 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-140420
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-140420
Resource:
x_transferred
Details not found