A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.

Related CVEs

CVE-2023-2993

Key Information

GHSA ID

GHSA-6fq2-7qrw-4c53

Published

June 26, 2023 9:30 PM

Last Modified

April 4, 2024 5:10 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.