A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:HLenovo Thinkagile Hx1021
HWLenovowszystkie wersjeLenovo Thinkagile Hx1021 Firmware
OSLenovo< 3.72_tei388sLenovo Thinkagile Hx1320
HWLenovowszystkie wersjeLenovo Thinkagile Hx1320 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx1321
HWLenovowszystkie wersjeLenovo Thinkagile Hx1321 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx1331
HWLenovowszystkie wersjeLenovo Thinkagile Hx1331 Firmware
OSLenovo< 2.93_afbt30pLenovo Thinkagile Hx1520 R
HWLenovowszystkie wersjeLenovo Thinkagile Hx1520 R Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx1521 R
HWLenovowszystkie wersjeLenovo Thinkagile Hx1521 R Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx2320 E
HWLenovowszystkie wersjeLenovo Thinkagile Hx2320 E Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx2321
HWLenovowszystkie wersjeLenovo Thinkagile Hx2321 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx2330
HWLenovowszystkie wersjeLenovo Thinkagile Hx2330 Firmware
OSLenovo2.93_afbt30p< 2.93_afbt30pLenovo Thinkagile Hx2331
HWLenovowszystkie wersjeLenovo Thinkagile Hx2331 Firmware
OSLenovo< 2.93_afbt30pLenovo Thinkagile Hx2720 E
HWLenovowszystkie wersjeLenovo Thinkagile Hx2720 E Firmware
OSLenovo< 3.72_tei388sLenovo Thinkagile Hx3320
HWLenovowszystkie wersjeLenovo Thinkagile Hx3320 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx3321
HWLenovowszystkie wersjeLenovo Thinkagile Hx3321 Firmware
OSLenovo< 8.88_cdi3a4aLenovo Thinkagile Hx3330
HWLenovowszystkie wersjeLenovo Thinkagile Hx3330 Firmware
OSLenovo< 2.93_afbt30pLenovo Thinkagile Hx3331
HWLenovowszystkie wersjeLenovo Thinkagile Hx3331 Firmware
OSLenovo< 2.93_afbt30p< 4.71_d8bt48p
Powiązane podatności
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...
An authenticated XCC user can change permissions for any user through a crafted API command.
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted A...
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically craf...
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...