CVE-2024-2659

Severity CVSS v4.0:

Pending analysis

Type:

CWE-78 OS Command Injections

Publication date:

15/04/2024

Last modified:

28/07/2025

Description

<br /> A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.<br /> <br />

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

7.20

Severity 3.x

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware::::::::		FHET62A-3.50 (excluding)
cpe:2.3:h:lenovo:nextscale_n1200_enclosure:-:::::::*
cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware::::::::		TESM40B-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_cp-cb-10:-:::::::*
cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware::::::::		TESM40B-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_cp-cb-10e:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx_enclosure_firmware::::::::		tesm40b-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_hx_enclosure:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx3721_firmware::::::::		tesm40b-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_hx3721:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx1021_firmware::::::::		tesm40b-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_hx1021:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx_e1_enclosure_firmware::::::::		tesm40b-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_hx_e1_enclosure:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx_e2_enclosure_firmware::::::::		tesm40b-1.27 (excluding)

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware::::::::		FHET62A-3.50 (excluding)
cpe:2.3:h:lenovo:nextscale_n1200_enclosure:-:::::::*
cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware::::::::		TESM40B-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_cp-cb-10:-:::::::*
cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware::::::::		TESM40B-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_cp-cb-10e:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx_enclosure_firmware::::::::		tesm40b-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_hx_enclosure:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx3721_firmware::::::::		tesm40b-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_hx3721:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx1021_firmware::::::::		tesm40b-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_hx1021:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx_e1_enclosure_firmware::::::::		tesm40b-1.27 (excluding)
cpe:2.3:h:lenovo:thinkagile_hx_e1_enclosure:-:::::::*
cpe:2.3:o:lenovo:thinkagile_hx_e2_enclosure_firmware::::::::		tesm40b-1.27 (excluding)

CVE-2024-2659

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools