CVE-2024-23591
LOWDescription
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.
Is your site exposed to CVE-2024-23591?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| lenovo | thinksystem_sr670_v2_firmware |
| lenovo | thinksystem_sr670_v2 |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-23591? +
How severe is CVE-2024-23591? +
What products are affected by CVE-2024-23591? +
How do I check if I'm vulnerable to CVE-2024-23591? +
Related Vulnerabilities
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to …
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute …
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute …
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow …
A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated …