CVE-2023-2992
HIGHLenovo NextScale N1200 Enclosure Firmware < fhet60b-3.40 - Unauthenticated Denial of Service
Title source: llmDescription
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
References (1)
Core 1
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-127357
Scores
CVSS v3
7.5
EPSS
0.0052
EPSS Percentile
39.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-405
Status
published
Products (8)
lenovo/nextscale_n1200_enclosure_firmware
< fhet60b-3.40
lenovo/thinkagile_cp-cb-10_firmware
< tesm38c-1.26
lenovo/thinkagile_cp-cb-10e_firmware
< tesm38c-1.26
lenovo/thinkagile_hx_enclosure_certified_node_firmware
< tesm38c-1.26
lenovo/thinkagile_vx_enclosure_firmware
< tesm38c-1.26
lenovo/thinksystem_d2_enclosure_firmware
< tesm38c-1.26
lenovo/thinksystem_da240_enclosure_firmware
< umsm10s-1.07
lenovo/thinksystem_dw612_enclosure_firmware
< umsm10s-1.07
Published
Jun 26, 2023
Tracked Since
Feb 18, 2026