CVE-2023-2992

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions.  Rebooting SMM or FPC will restore access to the management web server.
Amplification
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
lenovonextscale_n1200_enclosure_firmware
𝑥
< fhet60b-3.40
ADP
lenovothinkagile_cp-cb-10e_firmware
𝑥
< tesm38c-1.2
ADP
lenovothinkagile_cp-cb-10_firmware
𝑥
< tesm38c-1.2
ADP
lenovothinkagile_hx_enclosure_firmware
𝑥
< tesm38c-1.2
ADP
lenovothinkagile_vx_enclosure_firmware
𝑥
< tesm38c-1.2
ADP
lenovothinksystem_d2_enclosure_firmware
𝑥
< tesm38c-1.2
ADP
lenovothinksystem_da240_enclosure_firmware
𝑥
< tesm38c-1.2
ADP
lenovothinksystem_dw612_enclosure_firmware
𝑥
< tesm38c-1.2
ADP
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-127357
https://support.lenovo.com/us/en/product_security/LEN-127357