CVE-2023-4855 HIGH

CVE-2023-4855

Vendor Lenovo

Product SMM, SMM2, FPC

Weakness CWE-78

Published April 15, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute unauthorized commands via IPMI.

Key dates

02Disclosure timeline

April 15, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4855

Related vulnerabilities

04Related CVE

CVE-2026-8227 Wavlink NU516U1 adm.cgi wzdapMesh os command injection CVE-2025-22605 Coolify OS Command Injection Vulnerability in SSH Command Generation CVE-2023-44421 D-Link DIR-X3260 SetTriggerPPPoEValidate Username Command Injection Remote Code Execution Vulnerability CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings CVE-2025-6618 TOTOLINK CA300-PoE wps.so SetWLanApcliSettings os command injection