An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary’s influence is “asymmetric.”
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nextscale_n1200_enclosure_firmware | Lenovo | * | fhet60b-3.40 (excluding) |