What is CVE-2023-2992?

CVE-2023-2992 is a high-severity vulnerability in Lenovo Fan Power Controller (Fpc), classified under Asymmetric Resource Consumption (Amplification). CVSS score: 7.5/10. Published 2023-06-26.

How severe is CVE-2023-2992?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Lenovo Fan Power Controller (Fpc)

CVE-2023-2992

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

EPSS: 0.003 (52.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Lenovo Fan Power Controller (Fpc) — versions various
Lenovo System Management Module (Smm) — versions various

Weakness classification (CWE)

CWE-405 — Asymmetric Resource Consumption (Amplification)

References

support.lenovo.com/us/en/product_security/LEN-127357

Frequently asked questions

What is CVE-2023-2992?: CVE-2023-2992 is a high-severity vulnerability in Lenovo Fan Power Controller (Fpc), classified under Asymmetric Resource Consumption (Amplification). CVSS score: 7.5/10. Published 2023-06-26.
How severe is CVE-2023-2992?: High severity. CVSS v3 base score is 7.5 out of 10.