8.8

CVE-2023-29057

EPSS 0.12%
Veröffentlicht 28.04.2023 21:15:08
Zuletzt bearbeitet 21.11.2024 07:56:28
Quelle psirt@lenovo.com
Teams Watchlist Login
Unerledigt Login

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ Thinkagile Hx5530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx5530 Version-

Lenovo ≫ Thinkagile Hx7530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx7530 Version-

Lenovo ≫ Thinkagile Vx3331 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx3331 Version-

Lenovo ≫ Thinkagile Hx Enclosure Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx Enclosure Version-

Lenovo ≫ Thinkagile Hx1021 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx1021 Version-

Lenovo ≫ Thinkagile Hx1320 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx1320 Version-

Lenovo ≫ Thinkagile Hx1321 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx1321 Version-

Lenovo ≫ Thinkagile Hx1331 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx1331 Version-

Lenovo ≫ Thinkagile Hx1520-r Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx1520-r Version-

Lenovo ≫ Thinkagile Hx1521-r Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx1521-r Version-

Lenovo ≫ Thinkagile Hx2320-e Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx2320-e Version-

Lenovo ≫ Thinkagile Hx2321 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx2321 Version-

Lenovo ≫ Thinkagile Hx2330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx2330 Version-

Lenovo ≫ Thinkagile Hx2330 Firmware Version2.93_afbt30p

Lenovo ≫ Thinkagile Hx2330 Version-

Lenovo ≫ Thinkagile Hx2331 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx2331 Version-

Lenovo ≫ Thinkagile Hx2720-e Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx2720-e Version-

Lenovo ≫ Thinkagile Hx3320 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3320 Version-

Lenovo ≫ Thinkagile Hx3321 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3321 Version-

Lenovo ≫ Thinkagile Hx3330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx3330 Version-

Lenovo ≫ Thinkagile Hx3331 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx3331 Version-

Lenovo ≫ Thinkagile Hx3331 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinkagile Hx3331 Version-

Lenovo ≫ Thinkagile Hx3375 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinkagile Hx3375 Version-

Lenovo ≫ Thinkagile Hx3376 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3376 Version-

Lenovo ≫ Thinkagile Hx3520-g Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3520-g Version-

Lenovo ≫ Thinkagile Hx3521-g Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx3521-g Version-

Lenovo ≫ Thinkagile Hx3720 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx3720 Version-

Lenovo ≫ Thinkagile Hx3721 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx3721 Version-

Lenovo ≫ Thinkagile Hx5520 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx5520 Version-

Lenovo ≫ Thinkagile Hx5520-c Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx5520-c Version-

Lenovo ≫ Thinkagile Hx5521 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx5521 Version-

Lenovo ≫ Thinkagile Hx5521-c Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx5521-c Version-

Lenovo ≫ Thinkagile Hx5531 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx5531 Version-

Lenovo ≫ Thinkagile Hx7520 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Hx7520 Version-

Lenovo ≫ Thinkagile Hx7521 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx7521 Version-

Lenovo ≫ Thinkagile Hx7530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx7530 Version-

Lenovo ≫ Thinkagile Hx7531 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Hx7531 Version-

Lenovo ≫ Thinkagile Hx7531 Firmware Version < 2.75_psi348s

Lenovo ≫ Thinkagile Hx7531 Version-

Lenovo ≫ Thinkagile Hx7820 Firmware Version < 2.75_psi348s

Lenovo ≫ Thinkagile Hx7820 Version-

Lenovo ≫ Thinkagile Hx7821 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Hx7821 Version-

Lenovo ≫ Thinkagile Mx1020 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx1020 Version-

Lenovo ≫ Thinkagile Mx3330-f Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3330-f Version-

Lenovo ≫ Thinkagile Mx3330-h Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3330-h Version-

Lenovo ≫ Thinkagile Mx3331-f Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3331-f Version-

Lenovo ≫ Thinkagile Mx3331-h Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3331-h Version-

Lenovo ≫ Thinkagile Mx3530 F Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3530 F Version-

Lenovo ≫ Thinkagile Mx3530-h Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3530-h Version-

Lenovo ≫ Thinkagile Mx3531 H Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Mx3531 H Version-

Lenovo ≫ Thinkagile Mx3531-f Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Mx3531-f Version-

Lenovo ≫ Thinkagile Mx1021 On Se350 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Mx1021 On Se350 Version-

Lenovo ≫ Thinkagile Vx 1se Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Vx 1se Version-

Lenovo ≫ Thinkagile Vx 2u4n Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Vx 2u4n Version-

Lenovo ≫ Thinkagile Vx 4u Firmware Version < 2.75_psi348s

Lenovo ≫ Thinkagile Vx 4u Version-

Lenovo ≫ Thinkagile Vx1320 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Vx1320 Version-

Lenovo ≫ Thinkagile Vx2320 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx2320 Version-

Lenovo ≫ Thinkagile Vx2330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx2330 Version-

Lenovo ≫ Thinkagile Vx3320 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx3320 Version-

Lenovo ≫ Thinkagile Vx3330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx3330 Version-

Lenovo ≫ Thinkagile Vx3520-g Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx3520-g Version-

Lenovo ≫ Thinkagile Vx3530-g Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx3530-g Version-

Lenovo ≫ Thinkagile Vx3720 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinkagile Vx3720 Version-

Lenovo ≫ Thinkagile Vx5520 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx5520 Version-

Lenovo ≫ Thinkagile Vx5530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx5530 Version-

Lenovo ≫ Thinkagile Vx7320 N Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx7320 N Version-

Lenovo ≫ Thinkagile Vx7330 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx7330 Version-

Lenovo ≫ Thinkagile Vx7520 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx7520 Version-

Lenovo ≫ Thinkagile Vx7520 N Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkagile Vx7520 N Version-

Lenovo ≫ Thinkagile Vx7530 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx7530 Version-

Lenovo ≫ Thinkagile Vx7531 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinkagile Vx7531 Version-

Lenovo ≫ Thinkagile Vx7820 Firmware Version < 2.75_psi348s

Lenovo ≫ Thinkagile Vx7820 Version-

Lenovo ≫ Thinkedge Se450 Firmware Version < 1.60_usx324o

Lenovo ≫ Thinkedge Se450 Version-

Lenovo ≫ Thinkstation P920 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinkstation P920 Version-

Lenovo ≫ Thinksystem Sd530 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sd530 Version-

Lenovo ≫ Thinksystem Sd630 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sd630 V2 Version-

Lenovo ≫ Thinksystem Sd650 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sd650 Version-

Lenovo ≫ Thinksystem Sd650 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sd650 V2 Version-

Lenovo ≫ Thinksystem Sd650-n V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sd650-n V2 Version-

Lenovo ≫ Thinksystem Se350 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Se350 Version-

Lenovo ≫ Thinksystem Sn550 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sn550 Version-

Lenovo ≫ Thinksystem Sn550 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sn550 V2 Version-

Lenovo ≫ Thinksystem Sn850 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sn850 Version-

Lenovo ≫ Thinksystem Sr150 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr150 Version-

Lenovo ≫ Thinksystem Sr158 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr158 Version-

Lenovo ≫ Thinksystem Sr250 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr250 Version-

Lenovo ≫ Thinksystem Sr250 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr250 V2 Version-

Lenovo ≫ Thinksystem Sr258 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr258 Version-

Lenovo ≫ Thinksystem Sr258 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr258 V2 Version-

Lenovo ≫ Thinksystem Sr530 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr530 Version-

Lenovo ≫ Thinksystem Sr550 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr550 Version-

Lenovo ≫ Thinksystem Sr570 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr570 Version-

Lenovo ≫ Thinksystem Sr590 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr590 Version-

Lenovo ≫ Thinksystem Sr630 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr630 Version-

Lenovo ≫ Thinksystem Sr630 V2 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinksystem Sr630 V2 Version-

Lenovo ≫ Thinksystem Sr645 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinksystem Sr645 Version-

Lenovo ≫ Thinksystem Sr645 V3 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinksystem Sr645 V3 Version-

Lenovo ≫ Thinksystem Sr650 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem Sr650 Version-

Lenovo ≫ Thinksystem Sr650 V2 Firmware Version < 2.93_afbt30p

Lenovo ≫ Thinksystem Sr650 V2 Version-

Lenovo ≫ Thinksystem Sr665 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinksystem Sr665 Version-

Lenovo ≫ Thinksystem Sr665 V3 Firmware Version < 4.71_d8bt48p

Lenovo ≫ Thinksystem Sr665 V3 Version-

Lenovo ≫ Thinksystem Sr670 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr670 Version-

Lenovo ≫ Thinksystem Sr670 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr670 V2 Version-

Lenovo ≫ Thinksystem Sr850 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr850 Version-

Lenovo ≫ Thinksystem Sr850 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr850 V2 Version-

Lenovo ≫ Thinksystem Sr850p Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr850p Version-

Lenovo ≫ Thinksystem Sr860 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem Sr860 Version-

Lenovo ≫ Thinksystem Sr860 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem Sr860 V2 Version-

Lenovo ≫ Thinksystem Sr950 Firmware Version < 2.75_psi348s

Lenovo ≫ Thinksystem Sr950 Version-

Lenovo ≫ Thinksystem St250 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem St250 Version-

Lenovo ≫ Thinksystem St250 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem St250 V2 Version-

Lenovo ≫ Thinksystem St258 Firmware Version < 3.72_tei388s

Lenovo ≫ Thinksystem St258 Version-

Lenovo ≫ Thinksystem St258 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem St258 V2 Version-

Lenovo ≫ Thinksystem St550 Firmware Version < 8.88_cdi3a4a

Lenovo ≫ Thinksystem St550 Version-

Lenovo ≫ Thinksystem St650 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem St650 V2 Version-

Lenovo ≫ Thinksystem St658 V2 Firmware Version < 2.60_tgbt42h

Lenovo ≫ Thinksystem St658 V2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.313

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	7.3	2.1	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://support.lenovo.com/us/en/product_security/LEN-118321

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-29057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29057

EUVD