Description

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

Related CPE's

o

lenovo

thinkagile_hx5530_firmware

Vulnerable

h

lenovo

thinkagile_hx5530

-

o

lenovo

thinkagile_hx7530_firmware

2

h

lenovo

thinkagile_hx7530

2

o

lenovo

thinkagile_vx3331_firmware

Vulnerable

h

lenovo

thinkagile_vx3331

-

o

lenovo

thinkagile_hx_enclosure_firmware

Vulnerable

h

lenovo

thinkagile_hx_enclosure

-

o

lenovo

thinkagile_hx1021_firmware

Vulnerable

h

lenovo

thinkagile_hx1021

-

o

lenovo

thinkagile_hx1320_firmware

Vulnerable

h

lenovo

thinkagile_hx1320

-

o

lenovo

thinkagile_hx1321_firmware

Vulnerable

h

lenovo

thinkagile_hx1321

-

o

lenovo

thinkagile_hx1331_firmware

Vulnerable

h

lenovo

thinkagile_hx1331

-

o

lenovo

thinkagile_hx1520-r_firmware

Vulnerable

h

lenovo

thinkagile_hx1520-r

-

o

lenovo

thinkagile_hx1521-r_firmware

Vulnerable

h

lenovo

thinkagile_hx1521-r

-

o

lenovo

thinkagile_hx2320-e_firmware

Vulnerable

h

lenovo

thinkagile_hx2320-e

-

o

lenovo

thinkagile_hx2321_firmware

Vulnerable

h

lenovo

thinkagile_hx2321

-

o

lenovo

thinkagile_hx2330_firmware

2

h

lenovo

thinkagile_hx2330

-

o

lenovo

thinkagile_hx2331_firmware

Vulnerable

h

lenovo

thinkagile_hx2331

-

o

lenovo

thinkagile_hx2720-e_firmware

Vulnerable

h

lenovo

thinkagile_hx2720-e

-

o

lenovo

thinkagile_hx3320_firmware

Vulnerable

h

lenovo

thinkagile_hx3320

-

o

lenovo

thinkagile_hx3321_firmware

Vulnerable

h

lenovo

thinkagile_hx3321

-

o

lenovo

thinkagile_hx3330_firmware

Vulnerable

h

lenovo

thinkagile_hx3330

-

o

lenovo

thinkagile_hx3331_firmware

2

h

lenovo

thinkagile_hx3331

2

o

lenovo

thinkagile_hx3375_firmware

Vulnerable

h

lenovo

thinkagile_hx3375

-

o

lenovo

thinkagile_hx3376_firmware

Vulnerable

h

lenovo

thinkagile_hx3376

-

o

lenovo

thinkagile_hx3520-g_firmware

Vulnerable

h

lenovo

thinkagile_hx3520-g

-

o

lenovo

thinkagile_hx3521-g_firmware

Vulnerable

h

lenovo

thinkagile_hx3521-g

-

o

lenovo

thinkagile_hx3720_firmware

Vulnerable

h

lenovo

thinkagile_hx3720

-

o

lenovo

thinkagile_hx3721_firmware

Vulnerable

h

lenovo

thinkagile_hx3721

-

o

lenovo

thinkagile_hx5520_firmware

Vulnerable

h

lenovo

thinkagile_hx5520

-

o

lenovo

thinkagile_hx5520-c_firmware

Vulnerable

h

lenovo

thinkagile_hx5520-c

-

o

lenovo

thinkagile_hx5521_firmware

Vulnerable

h

lenovo

thinkagile_hx5521

-

o

lenovo

thinkagile_hx5521-c_firmware

Vulnerable

h

lenovo

thinkagile_hx5521-c

-

o

lenovo

thinkagile_hx5531_firmware

Vulnerable

h

lenovo

thinkagile_hx5531

-

o

lenovo

thinkagile_hx7520_firmware

Vulnerable

h

lenovo

thinkagile_hx7520

-

o

lenovo

thinkagile_hx7521_firmware

Vulnerable

h

lenovo

thinkagile_hx7521

-

o

lenovo

thinkagile_hx7531_firmware

2

h

lenovo

thinkagile_hx7531

2

o

lenovo

thinkagile_hx7820_firmware

Vulnerable

h

lenovo

thinkagile_hx7820

-

o

lenovo

thinkagile_hx7821_firmware

Vulnerable

h

lenovo

thinkagile_hx7821

-

o

lenovo

thinkagile_mx1020_firmware

Vulnerable

h

lenovo

thinkagile_mx1020

-

o

lenovo

thinkagile_mx3330-f_firmware

Vulnerable

h

lenovo

thinkagile_mx3330-f

-

o

lenovo

thinkagile_mx3330-h_firmware

Vulnerable

h

lenovo

thinkagile_mx3330-h

-

o

lenovo

thinkagile_mx3331-f_firmware

Vulnerable

h

lenovo

thinkagile_mx3331-f

-

o

lenovo

thinkagile_mx3331-h_firmware

Vulnerable

h

lenovo

thinkagile_mx3331-h

-

o

lenovo

thinkagile_mx3530_f_firmware

Vulnerable

h

lenovo

thinkagile_mx3530_f

-

o

lenovo

thinkagile_mx3530-h_firmware

Vulnerable

h

lenovo

thinkagile_mx3530-h

-

o

lenovo

thinkagile_mx3531_h_firmware

Vulnerable

h

lenovo

thinkagile_mx3531_h

-

o

lenovo

thinkagile_mx3531-f_firmware

Vulnerable

h

lenovo

thinkagile_mx3531-f

-

o

lenovo

thinkagile_mx1021_on_se350_firmware

Vulnerable

h

lenovo

thinkagile_mx1021_on_se350

-

o

lenovo

thinkagile_vx_1se_firmware

Vulnerable

h

lenovo

thinkagile_vx_1se

-

o

lenovo

thinkagile_vx_2u4n_firmware

Vulnerable

h

lenovo

thinkagile_vx_2u4n

-

o

lenovo

thinkagile_vx_4u_firmware

Vulnerable

h

lenovo

thinkagile_vx_4u

-

o

lenovo

thinkagile_vx1320_firmware

Vulnerable

h

lenovo

thinkagile_vx1320

-

o

lenovo

thinkagile_vx2320_firmware

Vulnerable

h

lenovo

thinkagile_vx2320

-

o

lenovo

thinkagile_vx2330_firmware

Vulnerable

h

lenovo

thinkagile_vx2330

-

o

lenovo

thinkagile_vx3320_firmware

Vulnerable

h

lenovo

thinkagile_vx3320

-

o

lenovo

thinkagile_vx3330_firmware

Vulnerable

h

lenovo

thinkagile_vx3330

-

o

lenovo

thinkagile_vx3520-g_firmware

Vulnerable

h

lenovo

thinkagile_vx3520-g

-

o

lenovo

thinkagile_vx3530-g_firmware

Vulnerable

h

lenovo

thinkagile_vx3530-g

-

o

lenovo

thinkagile_vx3720_firmware

Vulnerable

h

lenovo

thinkagile_vx3720

-

o

lenovo

thinkagile_vx5520_firmware

Vulnerable

h

lenovo

thinkagile_vx5520

-

o

lenovo

thinkagile_vx5530_firmware

Vulnerable

h

lenovo

thinkagile_vx5530

-

o

lenovo

thinkagile_vx7320_n_firmware

Vulnerable

h

lenovo

thinkagile_vx7320_n

-

o

lenovo

thinkagile_vx7330_firmware

Vulnerable

h

lenovo

thinkagile_vx7330

-

o

lenovo

thinkagile_vx7520_firmware

Vulnerable

h

lenovo

thinkagile_vx7520

-

o

lenovo

thinkagile_vx7520_n_firmware

Vulnerable

h

lenovo

thinkagile_vx7520_n

-

o

lenovo

thinkagile_vx7530_firmware

Vulnerable

h

lenovo

thinkagile_vx7530

-

o

lenovo

thinkagile_vx7531_firmware

Vulnerable

h

lenovo

thinkagile_vx7531

-

o

lenovo

thinkagile_vx7820_firmware

Vulnerable

h

lenovo

thinkagile_vx7820

-

o

lenovo

thinkedge_se450__firmware

Vulnerable

h

lenovo

thinkedge_se450_

-

o

lenovo

thinkstation_p920_firmware

Vulnerable

h

lenovo

thinkstation_p920

-

o

lenovo

thinksystem_sd530_firmware

Vulnerable

h

lenovo

thinksystem_sd530

-

o

lenovo

thinksystem_sd630_v2_firmware

Vulnerable

h

lenovo

thinksystem_sd630_v2

-

o

lenovo

thinksystem_sd650_firmware

Vulnerable

h

lenovo

thinksystem_sd650

-

o

lenovo

thinksystem_sd650_v2_firmware

Vulnerable

h

lenovo

thinksystem_sd650_v2

-

o

lenovo

thinksystem_sd650-n_v2_firmware

Vulnerable

h

lenovo

thinksystem_sd650-n_v2

-

o

lenovo

thinksystem_se350_firmware

Vulnerable

h

lenovo

thinksystem_se350

-

o

lenovo

thinksystem_sn550_firmware

Vulnerable

h

lenovo

thinksystem_sn550

-

o

lenovo

thinksystem_sn550_v2_firmware

Vulnerable

h

lenovo

thinksystem_sn550_v2

-

o

lenovo

thinksystem_sn850_firmware

Vulnerable

h

lenovo

thinksystem_sn850

-

o

lenovo

thinksystem_sr150_firmware

Vulnerable

h

lenovo

thinksystem_sr150

-

o

lenovo

thinksystem_sr158_firmware

Vulnerable

h

lenovo

thinksystem_sr158

-

o

lenovo

thinksystem_sr250_firmware

Vulnerable

h

lenovo

thinksystem_sr250

-

o

lenovo

thinksystem_sr250_v2_firmware

Vulnerable

h

lenovo

thinksystem_sr250_v2

-

o

lenovo

thinksystem_sr258_firmware

Vulnerable

h

lenovo

thinksystem_sr258

-

o

lenovo

thinksystem_sr258_v2_firmware

Vulnerable

h

lenovo

thinksystem_sr258_v2

-

o

lenovo

thinksystem_sr530_firmware

Vulnerable

h

lenovo

thinksystem_sr530

-

o

lenovo

thinksystem_sr550_firmware

Vulnerable

h

lenovo

thinksystem_sr550

-

o

lenovo

thinksystem_sr570_firmware

Vulnerable

h

lenovo

thinksystem_sr570

-

o

lenovo

thinksystem_sr590_firmware

Vulnerable

h

lenovo

thinksystem_sr590

-

o

lenovo

thinksystem_sr630_firmware

Vulnerable

h

lenovo

thinksystem_sr630

-

o

lenovo

thinksystem_sr630_v2_firmware

Vulnerable

h

lenovo

thinksystem_sr630_v2

-

o

lenovo

thinksystem_sr645_firmware

Vulnerable

h

lenovo

thinksystem_sr645

-

o

lenovo

thinksystem_sr645_v3_firmware

Vulnerable

h

lenovo

thinksystem_sr645_v3

-

o

lenovo

thinksystem_sr650_firmware

Vulnerable

h

lenovo

thinksystem_sr650

-

o

lenovo

thinksystem_sr650_v2_firmware

Vulnerable

h

lenovo

thinksystem_sr650_v2

-

o

lenovo

thinksystem_sr665_firmware

Vulnerable

h

lenovo

thinksystem_sr665

-

o

lenovo

thinksystem_sr665_v3_firmware

Vulnerable

h

lenovo

thinksystem_sr665_v3

-

o

lenovo

thinksystem_sr670_firmware

Vulnerable

h

lenovo

thinksystem_sr670

-

o

lenovo

thinksystem_sr670_v2_firmware

Vulnerable

h

lenovo

thinksystem_sr670_v2

-

o

lenovo

thinksystem_sr850_firmware

Vulnerable

h

lenovo

thinksystem_sr850

-

o

lenovo

thinksystem_sr850_v2_firmware

Vulnerable

h

lenovo

thinksystem_sr850_v2

-

o

lenovo

thinksystem_sr850p_firmware

Vulnerable

h

lenovo

thinksystem_sr850p

-

o

lenovo

thinksystem_sr860_firmware

Vulnerable

h

lenovo

thinksystem_sr860

-

o

lenovo

thinksystem_sr860_v2_firmware

Vulnerable

h

lenovo

thinksystem_sr860_v2

-

o

lenovo

thinksystem_sr950_firmware

Vulnerable

h

lenovo

thinksystem_sr950

-

o

lenovo

thinksystem_st250_firmware

Vulnerable

h

lenovo

thinksystem_st250

-

o

lenovo

thinksystem_st250_v2_firmware

Vulnerable

h

lenovo

thinksystem_st250_v2

-

o

lenovo

thinksystem_st258_firmware

Vulnerable

h

lenovo

thinksystem_st258

-

o

lenovo

thinksystem_st258_v2_firmware

Vulnerable

h

lenovo

thinksystem_st258_v2

-

o

lenovo

thinksystem_st550_firmware

Vulnerable

h

lenovo

thinksystem_st550

-

o

lenovo

thinksystem_st650_v2_firmware

Vulnerable

h

lenovo

thinksystem_st650_v2

-

o

lenovo

thinksystem_st658_v2_firmware

Vulnerable

h

lenovo

thinksystem_st658_v2

-

References

https://support.lenovo.com/us/en/product_security/LEN-118321

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

[email protected]

Secondary
CWE-276

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-04-28T21:15:08.673

2 years ago

Last modified

2023-05-10T16:09:19.657

1 year ago