CVE-2023-2993 Information

Description

A valid authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1 SMM v2 and FPC that the user does not normally have sufficient privileges to execute.

Reference

https://support.lenovo.com/us/en/product_security/LEN-127357