We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-4857



Description

An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.

Reserved 2023-09-08 | Published 2024-04-15 | Updated 2024-08-02 | Assigner lenovo


HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status
unaffected

various
affected

References

support.lenovo.com/us/en/product_security/LEN-140420

cve.org (CVE-2023-4857)

nvd.nist.gov (CVE-2023-4857)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2023-4857

Support options

Helpdesk Chat, Email, Knowledgebase