CVE-2024-23591

LOW
Published Feb 16, 2024 Modified Jul 23, 2025 CWE-1269

Description

ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.

CVSS v3.1 Score

2.0
LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Weakness Type (CWE)

CWE-1269 CWE-1269

Affected Products

Vendor Product
lenovo thinksystem_sr670_v2_firmware
lenovo thinksystem_sr670_v2

References

Frequently Asked Questions

What is CVE-2024-23591? +
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue. It has a CVSS v3.1 base score of 2.0 (LOW).
How severe is CVE-2024-23591? +
CVE-2024-23591 has a CVSS v3.1 score of 2.0 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2024-23591? +
CVE-2024-23591 affects products from lenovo, specifically: thinksystem_sr670_v2, thinksystem_sr670_v2_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-23591? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2023-5457 7.5

A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to …
CVE-2019-6198 7.8

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate …
CVE-2025-6232 7.8

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute …
CVE-2025-6231 7.8

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute …
CVE-2019-6197 7.8

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate …
CVE-2023-1577 7.8

A path hijacking vulnerability was reported in Lenovo Driver Manager prior to version 3.1.1307.1308 that could allow a local user …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-23591 — free, no signup required.

Start Free Scan