Описание
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.
Затрагиваемое ПО
Lenovo Nextscale n1200 enclosure firmwareLenovo Nextscale n1200 enclosureLenovo Thinkagile cp-cb-10 firmwareLenovo Thinkagile cp-cb-10Lenovo Thinkagile cp-cb-10e firmwareLenovo Thinkagile cp-cb-10eLenovo Thinkagile hx enclosure firmwareLenovo Thinkagile hx enclosureLenovo Thinkagile hx3721 firmwareLenovo Thinkagile hx3721Lenovo Thinkagile hx1021 firmwareLenovo Thinkagile hx1021Lenovo Thinkagile hx e1 enclosure firmwareLenovo Thinkagile hx e1 enclosureLenovo Thinkagile hx e2 enclosure firmwareLenovo Thinkagile hx e2 enclosureLenovo Thinkagile hx1321 firmwareLenovo Thinkagile hx1321Lenovo Thinkagile hx2321 firmwareLenovo Thinkagile hx2321Lenovo Thinkagile hx3321 firmwareLenovo Thinkagile hx3321Lenovo Thinkagile hx1331 firmwareLenovo Thinkagile hx1331Lenovo Thinkagile hx2331 firmware
CVSS
| Балл | 7.2 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Источники
https://support.lenovo.com/us/en/product_security/LEN-140420https://support.lenovo.com/us/en/product_security/LEN-140420