Description
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
Related CPE's
Vulnerable
o
lenovo
thinkagile_hx7530_firmware
2
h
lenovo
thinkagile_hx7530
2
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
o
lenovo
thinkagile_hx2330_firmware
2
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
o
lenovo
thinkagile_hx3331_firmware
2
h
lenovo
thinkagile_hx3331
2
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
o
lenovo
thinkagile_hx7531_firmware
2
h
lenovo
thinkagile_hx7531
2
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
Vulnerable
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2023-04-28T21:15:08.750
1 year agoLast modified
2023-05-08T17:27:52.427
1 year ago