CVE-2023-29058 | Severity.io

Description

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.

Related CPE's

thinkagile_hx5530_firmware

Vulnerable

thinkagile_hx5530

o

lenovo

thinkagile_hx7530_firmware

2

h

lenovo

thinkagile_hx7530

2

thinkagile_vx3331_firmware

Vulnerable

thinkagile_vx3331

thinkagile_hx_enclosure_firmware

Vulnerable

thinkagile_hx_enclosure

thinkagile_hx1021_firmware

Vulnerable

thinkagile_hx1021

thinkagile_hx1320_firmware

Vulnerable

thinkagile_hx1320

thinkagile_hx1321_firmware

Vulnerable

thinkagile_hx1321

thinkagile_hx1331_firmware

Vulnerable

thinkagile_hx1331

thinkagile_hx1520-r_firmware

Vulnerable

thinkagile_hx1520-r

thinkagile_hx1521-r_firmware

Vulnerable

thinkagile_hx1521-r

thinkagile_hx2320-e_firmware

Vulnerable

thinkagile_hx2320-e

thinkagile_hx2321_firmware

Vulnerable

thinkagile_hx2321

o

lenovo

thinkagile_hx2330_firmware

2

thinkagile_hx2330

thinkagile_hx2331_firmware

Vulnerable

thinkagile_hx2331

thinkagile_hx2720-e_firmware

Vulnerable

thinkagile_hx2720-e

thinkagile_hx3320_firmware

Vulnerable

thinkagile_hx3320

thinkagile_hx3321_firmware

Vulnerable

thinkagile_hx3321

thinkagile_hx3330_firmware

Vulnerable

thinkagile_hx3330

o

lenovo

thinkagile_hx3331_firmware

2

h

lenovo

thinkagile_hx3331

2

thinkagile_hx3375_firmware

Vulnerable

thinkagile_hx3375

thinkagile_hx3376_firmware

Vulnerable

thinkagile_hx3376

thinkagile_hx3520-g_firmware

Vulnerable

thinkagile_hx3520-g

thinkagile_hx3521-g_firmware

Vulnerable

thinkagile_hx3521-g

thinkagile_hx3720_firmware

Vulnerable

thinkagile_hx3720

thinkagile_hx3721_firmware

Vulnerable

thinkagile_hx3721

thinkagile_hx5520_firmware

Vulnerable

thinkagile_hx5520

thinkagile_hx5520-c_firmware

Vulnerable

thinkagile_hx5520-c

thinkagile_hx5521_firmware

Vulnerable

thinkagile_hx5521

thinkagile_hx5521-c_firmware

Vulnerable

thinkagile_hx5521-c

thinkagile_hx5531_firmware

Vulnerable

thinkagile_hx5531

thinkagile_hx7520_firmware

Vulnerable

thinkagile_hx7520

thinkagile_hx7521_firmware

Vulnerable

thinkagile_hx7521

o

lenovo

thinkagile_hx7531_firmware

2

h

lenovo

thinkagile_hx7531

2

thinkagile_hx7820_firmware

Vulnerable

thinkagile_hx7820

thinkagile_hx7821_firmware

Vulnerable

thinkagile_hx7821

thinkagile_mx1020_firmware

Vulnerable

thinkagile_mx1020

thinkagile_mx3330-f_firmware

Vulnerable

thinkagile_mx3330-f

thinkagile_mx3330-h_firmware

Vulnerable

thinkagile_mx3330-h

thinkagile_mx3331-f_firmware

Vulnerable

thinkagile_mx3331-f

thinkagile_mx3331-h_firmware

Vulnerable

thinkagile_mx3331-h

thinkagile_mx3530_f_firmware

Vulnerable

thinkagile_mx3530_f

thinkagile_mx3530-h_firmware

Vulnerable

thinkagile_mx3530-h

thinkagile_mx3531_h_firmware

Vulnerable

thinkagile_mx3531_h

thinkagile_mx3531-f_firmware

Vulnerable

thinkagile_mx3531-f

thinkagile_mx1021_on_se350_firmware

Vulnerable

thinkagile_mx1021_on_se350

thinkagile_vx_1se_firmware

Vulnerable

thinkagile_vx_1se

thinkagile_vx_2u4n_firmware

Vulnerable

thinkagile_vx_2u4n

thinkagile_vx_4u_firmware

Vulnerable

thinkagile_vx_4u

thinkagile_vx1320_firmware

Vulnerable

thinkagile_vx1320

thinkagile_vx2320_firmware

Vulnerable

thinkagile_vx2320

thinkagile_vx2330_firmware

Vulnerable

thinkagile_vx2330

thinkagile_vx3320_firmware

Vulnerable

thinkagile_vx3320

thinkagile_vx3330_firmware

Vulnerable

thinkagile_vx3330

thinkagile_vx3520-g_firmware

Vulnerable

thinkagile_vx3520-g

thinkagile_vx3530-g_firmware

Vulnerable

thinkagile_vx3530-g

thinkagile_vx3720_firmware

Vulnerable

thinkagile_vx3720

thinkagile_vx5520_firmware

Vulnerable

thinkagile_vx5520

thinkagile_vx5530_firmware

Vulnerable

thinkagile_vx5530

thinkagile_vx7320_n_firmware

Vulnerable

thinkagile_vx7320_n

thinkagile_vx7330_firmware

Vulnerable

thinkagile_vx7330

thinkagile_vx7520_firmware

Vulnerable

thinkagile_vx7520

thinkagile_vx7520_n_firmware

Vulnerable

thinkagile_vx7520_n

thinkagile_vx7530_firmware

Vulnerable

thinkagile_vx7530

thinkagile_vx7531_firmware

Vulnerable

thinkagile_vx7531

thinkagile_vx7820_firmware

Vulnerable

thinkagile_vx7820

thinkedge_se450__firmware

Vulnerable

thinkedge_se450_

thinkstation_p920_firmware

Vulnerable

thinkstation_p920

thinksystem_sd530_firmware

Vulnerable

thinksystem_sd530

thinksystem_sd630_v2_firmware

Vulnerable

thinksystem_sd630_v2

thinksystem_sd650_firmware

Vulnerable

thinksystem_sd650

thinksystem_sd650_v2_firmware

Vulnerable

thinksystem_sd650_v2

thinksystem_sd650-n_v2_firmware

Vulnerable

thinksystem_sd650-n_v2

thinksystem_se350_firmware

Vulnerable

thinksystem_se350

thinksystem_sn550_firmware

Vulnerable

thinksystem_sn550

thinksystem_sn550_v2_firmware

Vulnerable

thinksystem_sn550_v2

thinksystem_sn850_firmware

Vulnerable

thinksystem_sn850

thinksystem_sr150_firmware

Vulnerable

thinksystem_sr150

thinksystem_sr158_firmware

Vulnerable

thinksystem_sr158

thinksystem_sr250_firmware

Vulnerable

thinksystem_sr250

thinksystem_sr250_v2_firmware

Vulnerable

thinksystem_sr250_v2

thinksystem_sr258_firmware

Vulnerable

thinksystem_sr258

thinksystem_sr258_v2_firmware

Vulnerable

thinksystem_sr258_v2

thinksystem_sr530_firmware

Vulnerable

thinksystem_sr530

thinksystem_sr550_firmware

Vulnerable

thinksystem_sr550

thinksystem_sr570_firmware

Vulnerable

thinksystem_sr570

thinksystem_sr590_firmware

Vulnerable

thinksystem_sr590

thinksystem_sr630_firmware

Vulnerable

thinksystem_sr630

thinksystem_sr630_v2_firmware

Vulnerable

thinksystem_sr630_v2

thinksystem_sr645_firmware

Vulnerable

thinksystem_sr645

thinksystem_sr645_v3_firmware

Vulnerable

thinksystem_sr645_v3

thinksystem_sr650_firmware

Vulnerable

thinksystem_sr650

thinksystem_sr650_v2_firmware

Vulnerable

thinksystem_sr650_v2

thinksystem_sr665_firmware

Vulnerable

thinksystem_sr665

thinksystem_sr665_v3_firmware

Vulnerable

thinksystem_sr665_v3

thinksystem_sr670_firmware

Vulnerable

thinksystem_sr670

thinksystem_sr670_v2_firmware

Vulnerable

thinksystem_sr670_v2

thinksystem_sr850_firmware

Vulnerable

thinksystem_sr850

thinksystem_sr850_v2_firmware

Vulnerable

thinksystem_sr850_v2

thinksystem_sr850p_firmware

Vulnerable

thinksystem_sr850p

thinksystem_sr860_firmware

Vulnerable

thinksystem_sr860

thinksystem_sr860_v2_firmware

Vulnerable

thinksystem_sr860_v2

thinksystem_sr950_firmware

Vulnerable

thinksystem_sr950

thinksystem_st250_firmware

Vulnerable

thinksystem_st250

thinksystem_st250_v2_firmware

Vulnerable

thinksystem_st250_v2

thinksystem_st258_firmware

Vulnerable

thinksystem_st258

thinksystem_st258_v2_firmware

Vulnerable

thinksystem_st258_v2

thinksystem_st550_firmware

Vulnerable

thinksystem_st550

thinksystem_st650_v2_firmware

Vulnerable

thinksystem_st650_v2

thinksystem_st658_v2_firmware

Vulnerable

thinksystem_st658_v2

References

https://support.lenovo.com/us/en/product_security/LEN-118321

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-118321

Vendor Advisory

Weaknesses

[email protected]

Secondary

CWE-276

[email protected]

Primary

NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H

6.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-04-28T19:15:08.750Z

2 years ago

Last modified

2024-11-21T06:56:28.387Z

1 year ago