CVE-2024-23591 Vulnerability Details

  /     /     /  

CVE-2024-23591 Metadata Quick Info

CVE Published: 16/02/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: lenovo | Vendor: Lenovo | Product: ThinkSystem SR670 V2
Status : PUBLISHED

---

CVE-2024-23591 Description

ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.

Metrics

CVSS Version: 3.1 | Base Score: 2 LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-1269
CWE Name: CWE-1269 Product Released in Non-Release Configuration
Source: Lenovo

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).