CVE-2023-4857 — Vulnetix

CVE-2023-4857 PUBLISHED CVSS 7.5 HIGH

An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information.

EPSS 0.11% · 29.2th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.11%

29.2th percentile

Affected Products

Vendor	Product	Versions
lenovo	system_management_module_firmware	1.24, 1.24
lenovo	fan_power_controller	0, 0
Lenovo	SMM, SMM2, FPC	various, various

Exploit Intelligence

https://support.lenovo.com/us/en/product_security/LEN-140420 (circl)

Timeline

Apr 15, 2024 CVE Published
Apr 16, 2024 EPSS Score
May 11, 2024 EPSS Score
Jun 5, 2024 EPSS Score
Jun 30, 2024 EPSS Score
Jul 25, 2024 EPSS Score
Aug 19, 2024 EPSS Score
Sep 13, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 8, 2024 EPSS Score
Nov 1, 2024 EPSS Score
Nov 26, 2024 EPSS Score

References

https://support.lenovo.com/us/en/product_security/LEN-140420 url
https://nvd.nist.gov/vuln/detail/CVE-2023-4857 advisory

Open in Interactive Console →