Description


A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.

Related CPE's




o

lenovo

thinkagile_hx7530_firmware

2

h

lenovo

thinkagile_hx7530

2





















o

lenovo

thinkagile_hx2330_firmware

2












o

lenovo

thinkagile_hx3331_firmware

2

h

lenovo

thinkagile_hx3331

2



























o

lenovo

thinkagile_hx7531_firmware

2

h

lenovo

thinkagile_hx7531

2
























































































































































Weaknesses



NVD-CWE-noinfo


CWE-276

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-04-28T21:15:08.750

1 year ago

Last modified

2023-05-08T17:27:52.427

1 year ago