CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow
an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting.Β The serverβs NIST SP
800-193-compliant Platform Firmware Resiliency (PFR) security subsystem
significantly mitigates this issue.
[
{
"defaultStatus": "unaffected",
"product": "ThinkSystem SR670 V2",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "U8E126I-2.20",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
]
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%