cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-2992,https://securityvulnerability.io/vulnerability/CVE-2023-2992,Denial of Service Vulnerability in Lenovo SMM and FPC Management Web Server,"An unauthenticated denial of service vulnerability has been identified in Lenovo's SMM v1, SMM v2, and FPC management web servers. This vulnerability can be exploited under specific crafted conditions, potentially disrupting access to the management functionality. To regain access, a reboot of the SMM or FPC server is required. Organizations should take precautionary steps to mitigate the risks associated with this vulnerability.",Lenovo,"System Management Module (smm),Fan Power Controller (fpc)",7.5,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2023-2993,https://securityvulnerability.io/vulnerability/CVE-2023-2993,API Command Execution Vulnerability in Lenovo's SMM and FPC Products,"An authenticated user with limited privileges may exploit a security flaw within Lenovo's SMM v1, SMM v2, and FPC products. By crafting malicious web management server API calls, the user can execute commands that they would typically be prevented from performing due to their restricted access level. This vulnerability underscores the importance of reviewing user permissions and securing API endpoints to prevent unauthorized command execution.",Lenovo,"System Management Module (smm),Fan Power Controller (fpc)",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-06-26T20:15:00.000Z,0
CVE-2021-3897,https://securityvulnerability.io/vulnerability/CVE-2021-3897,Authentication Bypass in Lenovo Fan Power Controller and System Management Module Firmware,"An authentication bypass vulnerability has been identified in the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware. This flaw allows unauthenticated attackers to execute arbitrary commands on the affected devices, potentially compromising the system's integrity and security. It is critical for users of these products to apply necessary updates to mitigate risks associated with this vulnerability.",Lenovo,"Fan Power Controller2 (fpc2),Lenovo System Management Module (smm)",9.8,CRITICAL,0.001820000004954636,false,,false,false,false,,,false,false,,2022-04-22T21:10:13.000Z,0
CVE-2021-3849,https://securityvulnerability.io/vulnerability/CVE-2021-3849,Authentication Bypass in Lenovo Fan Power Controller and System Management Module,"An authentication bypass vulnerability has been identified in the web interface of the Lenovo Fan Power Controller 2 (FPC2) and Lenovo System Management Module (SMM) firmware. This flaw potentially allows an unauthenticated attacker to execute arbitrary commands on these systems, leading to unauthorized access and control. Notably, the SMM2 version remains unaffected.",Lenovo,"Fan Power Controller2 (fpc2),Lenovo System Management Module (smm)",9.8,CRITICAL,0.0015999999595806003,false,,false,false,false,,,false,false,,2022-04-22T21:10:11.000Z,0