Description
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
- Attack Vector
- local
- Complexity
- low
- Privileges
- high
- User Action
- required
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- low
- Availability
- none
- Weaknesses
- CWE-1269NVD-CWE-Other
Metadata
- Primary Vendor
- LENOVO
- Published
- 2/16/2024
- Last Modified
- 7/23/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
lenovo : thinksystem_sr670_v2_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.