In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

Vulnerable Product |
---|
lenovo thinkserver_rd340_firmware |
lenovo thinkserver_rd440_firmware |
lenovo thinkserver_rd640_firmware |
lenovo thinkserver_td340_firmware |