CVE-2024-23591

CVSS 3.1 Score 2.0 of 10 (low)

Details

Published Feb 16, 2024

Updated: Feb 20, 2024

CWE ID 1269

Summary

CVE-2024-23591 is a vulnerability affecting ThinkSystem SR670V2 servers manufactured between June 2021 and July 2023. In Manufacturing Mode, these servers allow privileged logical access users or physical access attackers to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration settings. This issue poses a significant risk to server security. However, the server's NIST SP800-193-compliant Platform Firmware Resiliency (PFR) security subsystem effectively mitigates this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uMSdpv
https://www.cve.org/CVERecord?id=CVE-2024-23591
https://nvd.nist.gov/vuln/detail/CVE-2024-23591

Back to Vulnerability Database

CVE-2024-23591

CVSS 3.1 Score 2.0 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations