CVE-2023-2992
📋 TL;DR
An unauthenticated denial-of-service vulnerability exists in Lenovo's SMM v1, SMM v2, and FPC management web servers that allows remote attackers to crash the management interface under crafted conditions. Affected systems include Lenovo servers with vulnerable SMM/FPC firmware versions. Rebooting the SMM or FPC restores access.
💻 Affected Systems
- Lenovo System Management Module (SMM) v1
- Lenovo System Management Module (SMM) v2
- Lenovo Flexible Port Configuration (FPC)
📦 What is this software?
Nextscale N1200 Enclosure Firmware by Lenovo
View all CVEs affecting Nextscale N1200 Enclosure Firmware →
Thinkagile Hx Enclosure Certified Node Firmware by Lenovo
View all CVEs affecting Thinkagile Hx Enclosure Certified Node Firmware →
Thinkagile Vx Enclosure Firmware by Lenovo
Thinksystem D2 Enclosure Firmware by Lenovo
⚠️ Risk & Real-World Impact
Worst Case
Complete unavailability of server management interface, requiring physical access to reboot SMM/FPC components, potentially disrupting server administration during critical operations.
Likely Case
Temporary loss of web-based management access until manual reboot of SMM/FPC components, disrupting remote server administration capabilities.
If Mitigated
No impact if management interfaces are properly segmented and protected behind network controls.
🎯 Exploit Status
Vulnerability requires crafted conditions but is unauthenticated; exact exploit details not publicly disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Lenovo advisory LEN-127357 for specific fixed firmware versions
Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-127357
Restart Required: Yes
Instructions:
1. Access Lenovo advisory LEN-127357. 2. Identify affected SMM/FPC firmware versions. 3. Download and apply firmware updates from Lenovo support portal. 4. Reboot SMM/FPC components after update.
🔧 Temporary Workarounds
Network Segmentation
allRestrict access to SMM/FPC management interfaces to trusted administrative networks only
Configure firewall rules to block untrusted access to SMM/FPC management ports (typically 80/443)
Access Control Lists
allImplement IP-based access controls on management interfaces
Configure SMM/FPC web server to only accept connections from authorized management IP addresses
🧯 If You Can't Patch
- Isolate management interfaces behind VPN/firewall with strict access controls
- Implement network monitoring for unusual traffic patterns to management interfaces
🔍 How to Verify
Check if Vulnerable:
Check SMM/FPC firmware version against Lenovo advisory LEN-127357; if running vulnerable version and management interface is accessible, system is vulnerable.Check Version:
Check via SMM/FPC web interface or use Lenovo management tools; specific command varies by product.Verify Fix Applied:
Confirm firmware version has been updated to patched version listed in Lenovo advisory; test management interface functionality.📡 Detection & Monitoring
Log Indicators:
- SMM/FPC web server crash logs
- Unexpected management interface restarts
- Failed authentication attempts followed by service disruption
Network Indicators:
- Unusual traffic patterns to management ports (80/443) followed by service unavailability
- Crafted HTTP requests to SMM/FPC management endpoints
SIEM Query:
source="smm_logs" OR source="fpc_logs" AND (event="crash" OR event="restart") AND dest_port IN (80, 443)