cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2659,https://securityvulnerability.io/vulnerability/CVE-2024-2659,Command Injection Vulnerability in FPC Allows Elevated Privileges,"A command injection vulnerability has been discovered in Lenovo SMM/SMM2 and FPC products. This security flaw affects authenticated users with elevated privileges, enabling them to execute arbitrary system commands during specific administrative functions. The vulnerability poses significant risks, as it could lead to unauthorized access and manipulation of system resources. Organizations utilizing affected Lenovo products should prioritize immediate assessment and remediation to safeguard their systems against potential exploitation.",Lenovo,"Smm, Smm2, Fpc",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-15T18:00:12.275Z,0
CVE-2023-4857,https://securityvulnerability.io/vulnerability/CVE-2023-4857,Authentication Bypass Vulnerability in IPMI Could Lead to Limited System Information Exposure,"An authentication bypass vulnerability exists in Lenovo's SMM/SMM2 and FPC products, potentially allowing authenticated users to execute specific Intelligent Platform Management Interface (IPMI) calls. This could result in the exposure of limited and sensitive system information, posing significant security risks for affected environments. It is essential for users and administrators to be aware of this vulnerability to implement appropriate security measures and mitigate potential threats.",Lenovo,"Smm, Smm2, Fpc",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-15T18:00:03.660Z,0
CVE-2023-4856,https://securityvulnerability.io/vulnerability/CVE-2023-4856,Format String Vulnerability Affects API Endpoint,"A format string vulnerability has been identified in Lenovo's SMM/SMM2 and FPC products. This flaw could enable an authenticated user to execute arbitrary commands via a specific API endpoint, potentially compromising system integrity and security. Users of affected Lenovo products should take immediate action to mitigate risks associated with this vulnerability.",Lenovo,"Smm, Smm2, Fpc",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-15T17:59:50.197Z,0
CVE-2023-4855,https://securityvulnerability.io/vulnerability/CVE-2023-4855,Unauthorized Command Execution Vulnerability in IPMI,"A command injection vulnerability exists within Lenovo's System Management Module (SMM), System Management Module 2 (SMM2), and Flexible Power Controller (FPC). This flaw can be exploited by an authenticated user with elevated privileges, enabling them to execute unauthorized commands through the Intelligent Platform Management Interface (IPMI). Organizations utilizing these affected products should prioritize reviewing their security configurations and apply relevant protective measures to mitigate risks associated with this vulnerability.",Lenovo,"Smm, Smm2, Fpc",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-15T17:58:53.588Z,0