CVE-2023-4856 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-4856 PUBLISHED CVSS 8.800000190734863 HIGH

A format string vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute arbitrary commands on a specific API endpoint.

EPSS 0.39% · 59.8th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.39%

59.8th percentile

Affected Products

Vendor	Product	Versions
Lenovo	SMM, SMM2, FPC	various
lenovo	fan_power_controller	0
lenovo	system_management_module_firmware	1.24

Timeline

Apr 15, 2024 CVE Published
Apr 16, 2024 EPSS Score
May 10, 2024 EPSS Score
Jun 4, 2024 EPSS Score
Jun 29, 2024 EPSS Score
Jul 23, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 17, 2024 EPSS Score
Sep 10, 2024 EPSS Score
Oct 4, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 29, 2024 EPSS Score

References

Open in Interactive Console →