8.8
CVE-2023-4607
- EPSS 0.13%
- Published 25.10.2023 18:17:41
- Last modified 21.11.2024 08:35:32
- Source psirt@lenovo.com
- Teams watchlist Login
- Open Login
An authenticated XCC user can change permissions for any user through a crafted API command.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ Thinkagile Hx5530 Firmware Version-
Lenovo ≫ Thinkagile Hx7530 Firmware Version-
Lenovo ≫ Thinkagile Vx3331 Firmware Version-
Lenovo ≫ Thinkagile Hx1331 Firmware Version-
Lenovo ≫ Thinkagile Hx2330 Firmware Version-
Lenovo ≫ Thinkagile Hx2331 Firmware Version-
Lenovo ≫ Thinkagile Hx3330 Firmware Version-
Lenovo ≫ Thinkagile Hx3331 Firmware Version-
Lenovo ≫ Thinkagile Hx3331 Firmware Version-
Lenovo ≫ Thinkagile Hx3375 Firmware Version-
Lenovo ≫ Thinkagile Hx3376 Firmware Version-
Lenovo ≫ Thinkagile Hx5531 Firmware Version-
Lenovo ≫ Thinkagile Hx7530 Firmware Version-
Lenovo ≫ Thinkagile Hx7531 Firmware Version-
Lenovo ≫ Thinkagile Hx7531 Firmware Version-
Lenovo ≫ Thinkagile Mx3330-f All-flash Firmware Version-
Lenovo ≫ Thinkagile Mx3330-h Hybrid Firmware Version-
Lenovo ≫ Thinkagile Mx3331-f All-flash Firmware Version-
Lenovo ≫ Thinkagile Mx3331-h Hybrid Firmware Version-
Lenovo ≫ Thinkagile Mx3530 F All Flash Firmware Version-
Lenovo ≫ Thinkagile Mx3530-h Hybrid Firmware Version-
Lenovo ≫ Thinkagile Mx3531 H Hybrid Firmware Version-
Lenovo ≫ Thinkagile Mx3531-f All-flash Firmware Version-
Lenovo ≫ Thinkagile Vx2330 Firmware Version-
Lenovo ≫ Thinkagile Vx3330 Firmware Version-
Lenovo ≫ Thinkagile Vx3530-g Firmware Version-
Lenovo ≫ Thinkagile Vx5530 Firmware Version-
Lenovo ≫ Thinkagile Vx7330 Firmware Version-
Lenovo ≫ Thinkagile Vx7530 Firmware Version-
Lenovo ≫ Thinkagile Vx7531 Firmware Version-
Lenovo ≫ Thinksystem Sd630 V2 Firmware Version-
Lenovo ≫ Thinksystem Sd650 V2 Firmware Version-
Lenovo ≫ Thinksystem Sd650 V3 Firmware Version-
Lenovo ≫ Thinksystem Sd650-n V2 Firmware Version-
Lenovo ≫ Thinksystem Sd665 V3 Firmware Version-
Lenovo ≫ Thinksystem Sn550 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr250 Firmware Version-
Lenovo ≫ Thinksystem Sr258 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr630 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr630 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr635 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr645 Firmware Version-
Lenovo ≫ Thinksystem Sr645 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr650 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr650 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr655 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr665 Firmware Version-
Lenovo ≫ Thinksystem Sr665 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr670 Firmware Version-
Lenovo ≫ Thinksystem Sr670 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr675 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr850 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr850 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr850 V3 Firmware Version-
Lenovo ≫ Thinksystem Sr860 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr860 V2 Firmware Version-
Lenovo ≫ Thinksystem Sr860 V3 Firmware Version-
Lenovo ≫ Thinksystem St250 V2 Firmware Version-
Lenovo ≫ Thinksystem St258 V2 Firmware Version-
Lenovo ≫ Thinksystem St650 V2 Firmware Version-
Lenovo ≫ Thinksystem St650 V3 Firmware Version-
Lenovo ≫ Thinksystem St658 V2 Firmware Version-
Lenovo ≫ Thinksystem St658 V3 Firmware Version-
Lenovo ≫ Thinkagile Hx Enclosure Firmware Version-
Lenovo ≫ Thinkagile Hx1021 Edg Firmware Version-
Lenovo ≫ Thinkagile Hx1320 Firmware Version-
Lenovo ≫ Thinkagile Hx1321 Firmware Version-
Lenovo ≫ Thinkagile Hx1520-r Firmware Version-
Lenovo ≫ Thinkagile Hx1521-r Firmware Version-
Lenovo ≫ Thinkagile Hx2320-e Firmware Version-
Lenovo ≫ Thinkagile Hx2321 Firmware Version-
Lenovo ≫ Thinkagile Hx2720-e Firmware Version-
Lenovo ≫ Thinkagile Hx3320 Firmware Version-
Lenovo ≫ Thinkagile Hx3321 Firmware Version-
Lenovo ≫ Thinkagile Hx3520-g Firmware Version-
Lenovo ≫ Thinkagile Hx3521-g Firmware Version-
Lenovo ≫ Thinkagile Hx3720 Firmware Version-
Lenovo ≫ Thinkagile Hx3721 Firmware Version-
Lenovo ≫ Thinkagile Hx5520 Firmware Version-
Lenovo ≫ Thinkagile Hx5520-c Firmware Version-
Lenovo ≫ Thinkagile Hx5521 Firmware Version-
Lenovo ≫ Thinkagile Hx5521-c Firmware Version-
Lenovo ≫ Thinkagile Hx7520 Firmware Version-
Lenovo ≫ Thinkagile Hx7521 Firmware Version-
Lenovo ≫ Thinkagile Hx7820 Firmware Version-
Lenovo ≫ Thinkagile Hx7821 Firmware Version-
Lenovo ≫ Thinkagile Mx Edge- Mx1020 Firmware Version-
Lenovo ≫ Thinkagile Mx630 V3 Firmware Version-
Lenovo ≫ Thinkagile Mx650 V3 Firmware Version-
Lenovo ≫ Thinkagile Mx1021 On Se350 Firmware Version-
Lenovo ≫ Thinkagile Mx1021 On Se350 Firmware Version-
Lenovo ≫ Thinkagile Vx 1se Firmware Version-
Lenovo ≫ Thinkagile Vx 2u4n Firmware Version-
Lenovo ≫ Thinkagile Vx 4u Firmware Version-
Lenovo ≫ Thinkagile Vx1320 Firmware Version-
Lenovo ≫ Thinkagile Vx2320 Firmware Version-
Lenovo ≫ Thinkagile Vx3320 Firmware Version-
Lenovo ≫ Thinkagile Vx3520-g Firmware Version-
Lenovo ≫ Thinkagile Vx3720 Firmware Version-
Lenovo ≫ Thinkagile Vx5520 Firmware Version-
Lenovo ≫ Thinkagile Vx7320 N Firmware Version-
Lenovo ≫ Thinkagile Vx7520 Firmware Version-
Lenovo ≫ Thinkagile Vx7520 N Firmware Version-
Lenovo ≫ Thinkagile Vx7820 Firmware Version-
Lenovo ≫ Thinkedge Se450 Firmware Version-
Lenovo ≫ Thinksystem Sd530 Firmware Version-
Lenovo ≫ Thinksystem Sd650 Dual Node Tray Firmware Version-
Lenovo ≫ Thinksystem Se350 Firmware Version-
Lenovo ≫ Thinksystem Se350 Firmware Version-
Lenovo ≫ Thinksystem Sn550 Firmware Version-
Lenovo ≫ Thinksystem Sn550 Firmware Version-
Lenovo ≫ Thinksystem Sn850 Firmware Version-
Lenovo ≫ Thinksystem Sn850 Firmware Version-
Lenovo ≫ Thinksystem Sr150 Firmware Version-
Lenovo ≫ Thinksystem Sr158 Firmware Version-
Lenovo ≫ Thinksystem Sr250 Firmware Version-
Lenovo ≫ Thinksystem Sr258 Firmware Version-
Lenovo ≫ Thinksystem Sr530 Firmware Version-
Lenovo ≫ Thinksystem Sr550 Firmware Version-
Lenovo ≫ Thinksystem Sr570 Firmware Version-
Lenovo ≫ Thinksystem Sr590 Firmware Version-
Lenovo ≫ Thinksystem Sr630 Firmware Version-
Lenovo ≫ Thinksystem Sr650 Firmware Version-
Lenovo ≫ Thinksystem Sr670 Firmware Version-
Lenovo ≫ Thinksystem Sr850 Firmware Version-
Lenovo ≫ Thinksystem Sr850 Firmware Version-
Lenovo ≫ Thinksystem Sr850p Firmware Version-
Lenovo ≫ Thinksystem Sr860 Firmware Version-
Lenovo ≫ Thinksystem Sr860 Firmware Version-
Lenovo ≫ Thinksystem Sr950 Firmware Version-
Lenovo ≫ Thinksystem St250 Firmware Version-
Lenovo ≫ Thinksystem St258 Firmware Version-
Lenovo ≫ Thinksystem St550 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.325 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@lenovo.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.