Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

lenovo system management module firmware vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2021-3849
An authentication bypass vulnerability exists in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not affected.
Lenovo Nextscale N1200 Enclosure FirmwareLenovo Thinkagile Hx Enclosure Certified Node FirmwareLenovo Thinkagile Vx Enclosure FirmwareLenovo Thinksystem D2 Enclosure FirmwareIbm Nextscale Fan Power Controller Firmware
9.8
CVSSv3
CVE-2021-3897
An authentication bypass vulnerability exists in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not aff...
Lenovo Nextscale N1200 Enclosure FirmwareLenovo Thinkagile Hx Enclosure Certified Node FirmwareLenovo Thinkagile Vx Enclosure FirmwareLenovo Thinksystem D2 Enclosure FirmwareIbm Nextscale Fan Power Controller Firmware
7.5
CVSSv3
CVE-2019-6157
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
Lenovo Flex System X240 M4 FirmwareLenovo Flex System X240 M5 FirmwareLenovo Flex System X280 X6 FirmwareLenovo Flex System X440 M4 FirmwareLenovo Flex System X480 X6 FirmwareLenovo Flex System X880 FirmwareLenovo Nextscale Nx360 M5 FirmwareLenovo System X3250 M6 FirmwareLenovo System X3500 M5 FirmwareLenovo System X3550 M5 FirmwareLenovo System X3650 M5 FirmwareLenovo System X3750 M4 FirmwareLenovo System X3850 X6 FirmwareLenovo System X3950 X6 FirmwareIbm Bladecenter Hs22 FirmwareIbm Bladecenter Hs23 FirmwareIbm Bladecenter Hs23e FirmwareIbm Flex System X220 M4 FirmwareIbm Flex System X222 M4 FirmwareIbm Flex System X240 M4 FirmwareIbm Flex System X280 M4 FirmwareIbm Flex System X440 M4 Firmware
7.5
CVSSv3
CVE-2018-16089
In System Management Module (SMM) versions before 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
Lenovo System Management Module Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook