7.2
HIGH
CVE-2024-2659
QNAP SMM/FPC Command Injection Vulnerability
Description

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.

INFO

Published Date :

April 15, 2024, 6:15 p.m.

Last Modified :

July 28, 2025, 1:06 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

1.2
Affected Products

The following products are affected by CVE-2024-2659 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Lenovo nextscale_n1200_enclosure_firmware
2 Lenovo thinkagile_cp-cb-10_firmware
3 Lenovo thinkagile_cp-cb-10e_firmware
4 Lenovo thinksystem_d2_enclosure_firmware
5 Lenovo thinkagile_vx3331_firmware
6 Lenovo thinkagile_hx_enclosure_firmware
7 Lenovo thinkagile_hx1021_firmware
8 Lenovo thinkagile_hx1321_firmware
9 Lenovo thinkagile_hx1331_firmware
10 Lenovo thinkagile_hx1521-r_firmware
11 Lenovo thinkagile_hx2321_firmware
12 Lenovo thinkagile_hx2331_firmware
13 Lenovo thinkagile_hx3321_firmware
14 Lenovo thinkagile_hx3331_firmware
15 Lenovo thinkagile_hx3376_firmware
16 Lenovo thinkagile_hx3521-g_firmware
17 Lenovo thinkagile_hx3721_firmware
18 Lenovo thinkagile_hx5521_firmware
19 Lenovo thinkagile_hx5521-c_firmware
20 Lenovo thinkagile_hx5531_firmware
21 Lenovo thinkagile_hx7521_firmware
22 Lenovo thinkagile_hx7531_firmware
23 Lenovo thinkagile_hx7821_firmware
24 Lenovo thinkagile_vx_1se_firmware
25 Lenovo thinkagile_vx_4u_firmware
26 Lenovo thinkagile_vx1320_firmware
27 Lenovo thinkagile_vx2320_firmware
28 Lenovo thinkagile_vx2330_firmware
29 Lenovo thinkagile_vx3320_firmware
30 Lenovo thinkagile_vx3330_firmware
31 Lenovo thinkagile_vx3520-g_firmware
32 Lenovo thinkagile_vx3530-g_firmware
33 Lenovo thinkagile_vx3720_firmware
34 Lenovo thinkagile_vx5520_firmware
35 Lenovo thinkagile_vx5530_firmware
36 Lenovo thinkagile_vx7520_firmware
37 Lenovo thinkagile_vx7530_firmware
38 Lenovo thinkagile_vx7531_firmware
39 Lenovo thinkagile_vx7820_firmware
40 Lenovo fan_power_controller
41 Lenovo thinkagile_vx_1u_firmware
42 Lenovo thinkagile_vx_2u_firmware
43 Lenovo system_management_module_firmware
44 Lenovo nextscale_n1200_enclosure
45 Lenovo thinkagile_cp-cb-10
46 Lenovo thinkagile_cp-cb-10e
47 Lenovo thinksystem_d2_enclosure
48 Lenovo thinkagile_vx_1u
49 Lenovo thinkagile_vx_2u
50 Lenovo thinkagile_hx1321
51 Lenovo thinkagile_hx1521-r
52 Lenovo thinkagile_hx2321
53 Lenovo thinkagile_hx3321
54 Lenovo thinkagile_hx3376
55 Lenovo thinkagile_hx3521-g
56 Lenovo thinkagile_hx5521
57 Lenovo thinkagile_hx5521-c
58 Lenovo thinkagile_hx7521
59 Lenovo thinkagile_vx2320
60 Lenovo thinkagile_vx3320
61 Lenovo thinkagile_vx3520-g
62 Lenovo thinkagile_vx5520
63 Lenovo thinkagile_vx7520
64 Lenovo thinkagile_hx7821
65 Lenovo thinkagile_vx3331
66 Lenovo thinkagile_hx1021
67 Lenovo thinkagile_hx3721
68 Lenovo thinkagile_vx_4u
69 Lenovo thinkagile_vx1320
70 Lenovo thinkagile_vx2330
71 Lenovo thinkagile_vx3330
72 Lenovo thinkagile_vx3530-g
73 Lenovo thinkagile_vx3720
74 Lenovo thinkagile_vx5530
75 Lenovo thinkagile_vx7530
76 Lenovo thinkagile_vx7531
77 Lenovo thinkagile_vx7820
78 Lenovo thinkagile_hx1331
79 Lenovo thinkagile_hx2331
80 Lenovo thinkagile_hx3331
81 Lenovo thinkagile_hx5531
82 Lenovo thinkagile_hx7531
83 Lenovo thinkagile_vx_1se
84 Lenovo thinkagile_hx_enclosure
85 Lenovo thinkagile_hx_e1_enclosure_firmware
86 Lenovo thinkagile_hx_e1_enclosure
87 Lenovo thinkagile_hx_e2_enclosure_firmware
88 Lenovo thinkagile_hx_e2_enclosure
89 Lenovo thinkagile_hx630_v3_firmware
90 Lenovo thinkagile_hx630_v3
91 Lenovo thinkagile_hx645_v3_firmware
92 Lenovo thinkagile_hx645_v3
93 Lenovo thinkagile_hx650_v3_firmware
94 Lenovo thinkagile_hx650_v3
95 Lenovo thinkagile_hx665_v3_firmware
96 Lenovo thinkagile_hx665_v3
97 Lenovo thinkagile_2u4n_firmware
98 Lenovo thinkagile_2u4n
99 Lenovo thinkagile_vx7320-n_firmware
100 Lenovo thinkagile_vx7320-n
101 Lenovo thinkagile_vx7330-n_firmware
102 Lenovo thinkagile_vx7330-n
103 Lenovo thinkagile_vx630_v3_firmware
104 Lenovo thinkagile_vx630_v3
105 Lenovo thinkagile_vx630_v4_firmware
106 Lenovo thinkagile_vx630_v4
107 Lenovo thinkagile_vx635_v3_firmware
108 Lenovo thinkagile_vx635_v3
109 Lenovo thinkagile_vx2375_firmware
110 Lenovo thinkagile_vx2375
111 Lenovo thinkagile_vx3375_firmware
112 Lenovo thinkagile_vx3375
113 Lenovo thinkagile_vx7375-n_firmware
114 Lenovo thinkagile_vx7375-n
115 Lenovo thinkagile_vx3376_firmware
116 Lenovo thinkagile_vx3376
117 Lenovo thinkagile_vx645_v3_firmware
118 Lenovo thinkagile_vx645_v3
119 Lenovo thinkagile_vx650_v3_firmware
120 Lenovo thinkagile_vx650_v3
121 Lenovo thinkagile_vx650_v4_firmware
122 Lenovo thinkagile_vx650_v4
123 Lenovo thinkagile_vx655_v3_firmware
124 Lenovo thinkagile_vx655_v3
125 Lenovo thinkagile_vx5575_firmware
126 Lenovo thinkagile_vx5575
127 Lenovo thinkagile_vx7575_firmware
128 Lenovo thinkagile_vx7575
129 Lenovo thinkagile_vx3575-g_firmware
130 Lenovo thinkagile_vx3575-g
131 Lenovo thinkagile_vx665_v3_firmware
132 Lenovo thinkagile_vx665_v3
133 Lenovo thinkagile_vx850_v3_firmware
134 Lenovo thinkagile_vx850_v3
135 Lenovo thinksystem_da240_firmware
136 Lenovo thinksystem_da240
137 Lenovo thinksystem_dw612_firmware
138 Lenovo thinksystem_dw612
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-2659.

URL Resource
https://support.lenovo.com/us/en/product_security/LEN-140420 Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-140420 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-2659 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-2659 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jul. 28, 2025

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:nextscale_n1200_enclosure_firmware:*:*:*:*:*:*:*:* versions up to (excluding) FHET62A-3.50 OR cpe:2.3:h:lenovo:nextscale_n1200_enclosure:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_cp-cb-10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) TESM40B-1.27 OR cpe:2.3:h:lenovo:thinkagile_cp-cb-10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_cp-cb-10e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) TESM40B-1.27 OR cpe:2.3:h:lenovo:thinkagile_cp-cb-10e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx_enclosure_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx_enclosure:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx3721_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx3721:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx1021_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx1021:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx_e1_enclosure_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx_e1_enclosure:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx_e2_enclosure_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx_e2_enclosure:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx1321_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx1321:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx2321_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx2321:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx3321_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx3321:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx1331:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx2331_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx2331:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx3331_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx630_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx630_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx3376:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx645_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx645_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx1521-r_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx1521-r:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx3521-g_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx3521-g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx5521_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx5521:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx5521-c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx5521-c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx7521_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx7521:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx5531_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx5531:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx7531:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx650_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx650_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx665_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx665_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_hx7821_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_hx7821:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3720_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3720:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_2u4n_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_2u4n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx1320_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx1320:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx_1se_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx_1se:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3320_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3320:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx2320_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx2320:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx7320-n_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx7320-n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx_1u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx_1u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx2330_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx2330:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3330_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3330:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx7330-n_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx7330-n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3331:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx630_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx630_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx630_v4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx630_v4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx635_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx635_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx2375_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx2375:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3375_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3375:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx7375-n_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx7375-n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3376_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3376:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx645_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx645_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx5520_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx5520:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx7520_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx7520:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3520-g_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3520-g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx5520_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx5520:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx_2u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx_2u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3530-g_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3530-g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx5530_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx5530:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx7530_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx7530:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx7531_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx7531:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx650_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx650_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx650_v4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx650_v4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx655_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx655_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx5575_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx5575:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx7575_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx7575:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx3575-g_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx3575-g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx665_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx665_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx850_v3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx850_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx_4u_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx_4u:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinkagile_vx7820_firmware:*:*:*:*:*:*:*:* versions up to (excluding) tesm40b-1.27 OR cpe:2.3:h:lenovo:thinkagile_vx7820:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinksystem_d2_enclosure_firmware:*:*:*:*:*:*:*:* versions up to (excluding) TESM40B-1.27 OR cpe:2.3:h:lenovo:thinksystem_d2_enclosure:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinksystem_da240_firmware:*:*:*:*:*:*:*:* versions up to (excluding) UMSM12I-1.1.3 OR cpe:2.3:h:lenovo:thinksystem_da240:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:lenovo:thinksystem_dw612_firmware:*:*:*:*:*:*:*:* versions up to (excluding) UMSM12I-1.1.3 OR cpe:2.3:h:lenovo:thinksystem_dw612:-:*:*:*:*:*:*:*
    Added Reference Type CVE: https://support.lenovo.com/us/en/product_security/LEN-140420 Types: Vendor Advisory
    Added Reference Type Lenovo Group Ltd.: https://support.lenovo.com/us/en/product_security/LEN-140420 Types: Vendor Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://support.lenovo.com/us/en/product_security/LEN-140420
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 11, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by [email protected]

    Apr. 15, 2024

    Action Type Old Value New Value
    Added Description A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.
    Added Reference Lenovo Group Ltd. https://support.lenovo.com/us/en/product_security/LEN-140420 [No types assigned]
    Added CWE Lenovo Group Ltd. CWE-78
    Added CVSS V3.1 Lenovo Group Ltd. AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-2659 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability