CVE-2024-8278
Published: Sep 13, 2024
Modified: Sep 13, 2024
CVSS v3.1
7.2
Description
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
| Vendor | Product | Versions |
|---|---|---|
Lenovo | HX5530 Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX7530 Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | ST250 V3 (ThinkSystem) XCC | affected 0 - < 2.10 CTX312G |
Lenovo | VX3331 Certified Node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX Enclosure Certified Node (ThinkAgile) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | HX1021 Edge Certified Node 3yr (ThinkAgile) XCC | affected 0 - < 4.11 TEI3E4A |
Lenovo | HX1320 Appliance (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX1321 Certified Node (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX1331 Certified Node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX1520-R Appliance (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX1521-R Certified Node (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX2320-E Appliance (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX2321 Certified Node (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX2330 Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX2331 Certified Node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX2720-E Appliance (ThinkAgile) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | HX3320 Appliance (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX3321 Certified Node (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX3330 Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX3331 Certified Node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX3331 Node SAP HANA (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX3375 Appliance (ThinkAgile) XCC | affected 0 - < 5.61 D8BT64D |
Lenovo | HX3376 Certified Node (ThinkAgile) XCC | affected 0 - < 5.61 D8BT64D |
Lenovo | HX3520-G Appliance (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX3521-G Certified Node (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX3720 Appliance (ThinkAgile) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | HX3721 Certified Node (ThinkAgile) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | HX5520 Appliance (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX5520-C Appliance (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX5521 Certified Node (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX5521-C Certified Node (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX5531 Certified Node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX7520 Appliance (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX7521 Certified Node (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | HX7530 Appl for SAP HANA (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX7531 Certified Node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX7531 Node SAP HANA (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | HX7820 Appliance (ThinkAgile) XCC | affected 0 - < 3.11 PSI354A |
Lenovo | HX7821 Certified Node (ThinkAgile) XCC | affected 0 - < 3.11 PSI354A |
Lenovo | MX Edge Appliance - MX1020 (ThinkAgile) XCC | affected 0 - < 4.11 TEI3E4A |
Lenovo | MX3330-F All-flash Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | MX3330-H Hybrid Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | MX3331-F All-flash Certified node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | MX3331-H Hybrid Certified node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | MX3530 F All flash Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | MX3530-H Hybrid Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | MX3531 H Hybrid Certified node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | MX3531-F All-flash Certified node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | P920 Rack Workstation (ThinkStation) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | SD530 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SD530 V3 (ThinkSystem) XCC | affected 0 - < 1.20 USX352 |
Lenovo | SD550 V3 (ThinkSystem) XCC | affected 0 - < 1.20 USX352 |
Lenovo | SD630 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SD650 DWC Dual Node Tray (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SD650 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SD650 V3 (ThinkSystem) XCC | affected 0 - < 6.10 USX350G |
Lenovo | SD650-N V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SD665 V3 (ThinkSystem) XCC | affected 0 - < 6.10 QGX340J |
Lenovo | SE350 (ThinkSystem) XCC | affected 0 - < 4.11 TEI3E4A |
Lenovo | SE350 V2 (ThinkEdge) XCC | affected 0 - < 3.11 IYX328M |
Lenovo | SE360 V2 (ThinkEdge) XCC | affected 0 - < 3.11 IYX328M |
Lenovo | SE450 (ThinkEdge) XCC | affected 0 - < 3.11 USX332X |
Lenovo | SE455 V3 (ThinkEdge) XCC | affected 0 - < 3.10 MBX308L |
Lenovo | SN550 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SN550 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SN850 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SR150 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SR158 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SR250 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SR250 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SR250 V3 (ThinkSystem) XCC | affected 0 - < 2.10 CTX312G |
Lenovo | SR258 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SR258 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SR258 V3 (ThinkSystem) XCC | affected 0 - < 2.10 CTX312G |
Lenovo | SR530 (ThinkSystem) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | SR550 (ThinkSystem) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | SR570 (ThinkSystem) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | SR590 (ThinkSystem) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | SR630 (ThinkSystem) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | SR630 V2 (ThinkSystem) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | SR630 V3 (ThinkSystem) XCC | affected 0 - < 5.10 ESX330M |
Lenovo | SR635 V3 (ThinkSystem) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | SR645 (ThinkSystem) XCC | affected 0 - < 5.61 D8BT64D |
Lenovo | SR645 V3 (ThinkSystem) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | SR650 (ThinkSystem) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | SR650 V2 (ThinkSystem) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | SR650 V3 (ThinkSystem) XCC | affected 0 - < 5.10 ESX330M |
Lenovo | SR655 V3 (ThinkSystem) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | SR665 (ThinkSystem) XCC | affected 0 - < 5.61 D8BT64D |
Lenovo | SR665 V3 (ThinkSystem) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | SR670 (ThinkSystem) XCC | affected 0 - < 4.11 TEI3E4A |
Lenovo | SR670 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SR675 V3 (ThinkSystem) XCC | affected 0 - < 6.10 QGX340J |
Lenovo | SR850 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SR850 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SR850 V3 (ThinkSystem) XCC | affected 0 - < 4.10 RSX312I |
Lenovo | SR850P (ThinkSystem) XCC | affected 0 - < 4.11 TEI3E4A |
Lenovo | SR860 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | SR860 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | SR860 V3 (ThinkSystem) XCC | affected 0 - < 4.10 RSX312I |
Lenovo | SR950 (ThinkSystem) XCC | affected 0 - < 3.11 PSI354A |
Lenovo | SR950 V3 (ThinkSystem) XCC | affected 0 - < 3.10 EBX308I |
Lenovo | ST250 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | ST250 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | ST258 (ThinkSystem) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | ST258 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | ST258 V3 (ThinkSystem) XCC | affected 0 - < 2.10 CTX312G |
Lenovo | ST550 (ThinkSystem) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | ST650 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | ST650 V3 (ThinkSystem) XCC | affected 0 - < 6.10 USX350G |
Lenovo | ST658 V2 (ThinkSystem) XCC | affected 0 - < 4.11 TGBT50C |
Lenovo | ST658 V3 (ThinkSystem) XCC | affected 0 - < 6.10 USX350G |
Lenovo | ThinkAgile MX1021 on SE350 XCC | affected 0 - < 4.11 TEI3E4A |
Lenovo | VX 1SE Certified Node (ThinkAgile) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | VX 2U4N Certified Node (ThinkAgile) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | VX 4U Certified Node (ThinkAgile) XCC | affected 0 - < 3.11 PSI354A |
Lenovo | VX1320 (ThinkAgile) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | VX2320 (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | VX2330 Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | VX3320 (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | VX3330 Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | VX3520-G (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | VX3530-G Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | VX3720 (ThinkAgile) XCC | affected 0 - < 6.36 TEI3F4A |
Lenovo | VX5520 (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | VX5530 Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | VX635 V3 Integrated System (ThinkAgile) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | VX645 V3 Certified Node (ThinkAgile) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | VX645 V3 Integrated System (ThinkAgile) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | VX655 V3 Certified Node (ThinkAgile) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | VX655 V3 Integrated System (ThinkAgile) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | VX665 V3 Certified Node (ThinkAgile) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | VX665 V3 Integrated System (ThinkAgile) XCC | affected 0 - < 3.20 KAX334O |
Lenovo | VX7320 N (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | VX7330 Appliance (Thinkagile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | VX7520 (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | VX7520 N (ThinkAgile) XCC | affected 0 - < 9.97 CDI3B4B |
Lenovo | VX7530 Appliance (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | VX7531 Certified Node (ThinkAgile) XCC | affected 0 - < 4.71 AFBT48C |
Lenovo | VX7820 (ThinkAgile) XCC | affected 0 - < 3.11 PSI354A |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now