A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:HLenovo Thinkagile Hx1021
HWLenovowszystkie wersjeLenovo Thinkagile Hx1021 Firmware
OSLenovo< 3.72_tei388sLenovo Thinkagile Hx1320
HWLenovowszystkie wersjeLenovo Thinkagile Hx1320 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx1321
HWLenovowszystkie wersjeLenovo Thinkagile Hx1321 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx1331
HWLenovowszystkie wersjeLenovo Thinkagile Hx1331 Firmware
OSLenovo< 2.93_afbt30pLenovo Thinkagile Hx1520 R
HWLenovowszystkie wersjeLenovo Thinkagile Hx1520 R Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx1521 R
HWLenovowszystkie wersjeLenovo Thinkagile Hx1521 R Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx2320 E
HWLenovowszystkie wersjeLenovo Thinkagile Hx2320 E Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx2321
HWLenovowszystkie wersjeLenovo Thinkagile Hx2321 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx2330
HWLenovowszystkie wersjeLenovo Thinkagile Hx2330 Firmware
OSLenovo2.93_afbt30p< 2.93_afbt30pLenovo Thinkagile Hx2331
HWLenovowszystkie wersjeLenovo Thinkagile Hx2331 Firmware
OSLenovo< 2.93_afbt30pLenovo Thinkagile Hx2720 E
HWLenovowszystkie wersjeLenovo Thinkagile Hx2720 E Firmware
OSLenovo< 3.72_tei388sLenovo Thinkagile Hx3320
HWLenovowszystkie wersjeLenovo Thinkagile Hx3320 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx3321
HWLenovowszystkie wersjeLenovo Thinkagile Hx3321 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx3330
HWLenovowszystkie wersjeLenovo Thinkagile Hx3330 Firmware
OSLenovo< 2.93_afbt30pLenovo Thinkagile Hx3331
HWLenovowszystkie wersjeLenovo Thinkagile Hx3331 Firmware
OSLenovo< 2.93_afbt30p< 4.71_d8bt48p
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2024-2659HIGH7.2ten sam produkt
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...
CVE-2023-4606HIGH8.1ten sam produkt
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted A...
CVE-2023-4607HIGH7.5ten sam produkt
An authenticated XCC user can change permissions for any user through a crafted API command.
CVE-2023-29057HIGH7.3ten sam produkt
A valid XCC user's local account permissions overrides their active directory permissions under specific confi...
CVE-2022-34884HIGH7.2ten sam produkt
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...