CVE-2024-38508

EPSS 0.37%
Published 26.07.2024 20:15:03
Last modified 21.11.2024 09:26:07
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorlenovo

≫

Product thinkagile_hx5530_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx7530_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx3331_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx_enclosure_certified_node_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx1021_edg_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx1320_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx1331_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx1321_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx1520-r_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx1521-r_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx2320-e_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx2321_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx2330_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx2331_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx2720-e_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3320_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3321_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3330_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3331

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3375_firmware

Default Statusunknown

Version < 5.61

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3376_firmware

Default Statusunknown

Version < 5.61

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3520-g_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3521-g_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3720_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx3721_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx5520-c_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx5521-c_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx5531_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx7520_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx7521_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx7521_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx7530_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx7531_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx7820_firmware

Default Statusunknown

Version < 3.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_hx7821_firmware

Default Statusunknown

Version < 3.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_mx1020_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_mx3330-f_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_mx3330-h_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_mx3331-f_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_mx3331-h_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_mx3530_f_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_mx3530-h_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_mx3531-f_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx1320_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx2320_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx2330_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx3320_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx3330_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx3520-g_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx3530-g_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx3720_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx5520_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx5530_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx7320_n_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx7330_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx7520_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx7520_n_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx7530_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx7531_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinkagile_vx7820_firmware

Default Statusunknown

Version < 3.11

Version 0

Status affected

Vendorlenovo

≫

Product thinkstation_p920_workstation_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st250_firmware

Default Statusunknown

Version < 1.12

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sd530_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sd630_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sd650_dual_node_tray_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Version < 6.36

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sd650-n_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sd650_v3_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sd665_v3_firmware

Default Statusunknown

Version < 5.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_se350_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sn550_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Version < 6.36

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sn550_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sn850_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Version < 6.36

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr150_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr158_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr250_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr250_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr258_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr258_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr530_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr550_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr570_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr590_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr630_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr630_v2_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr630_v3_firmware

Default Statusunknown

Version < 4.51

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr635_firmware

Default Statusunknown

Version < 2.81

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr645_firmware

Default Statusunknown

Version < 5.61

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr645_v3_firmware

Default Statusunknown

Version < 2.81

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr650_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr650_v2_firmware

Default Statusunknown

Version < 4.71

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr655_v3_firmware

Default Statusunknown

Version < 2.81

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr665_firmware

Default Statusunknown

Version < 5.61

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr665_v3_firmware

Default Statusunknown

Version < 5.61

Version 0

Status affected

Version < 2.81

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr670_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr670_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr670_v2_firmware

Default Statusunknown

Version < 5.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr675_v3_firmware

Default Statusunknown

Version < 5.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr850_firmware

Default Statusunknown

Version < 6.36

Version 0

Status affected

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr850_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr850_v3_firmware

Default Statusunknown

Version < 1.20

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr850p_firmware

Default Statusunknown

Version < 6.36

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr860_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr860_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr860_v3_firmware

Default Statusunknown

Version < 1.20

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_sr950_firmware

Default Statusunknown

Version < 3.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st250_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st250_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st258_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st258_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st550_firmware

Default Statusunknown

Version < 9.97

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st650_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st650_v3_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st658_v2_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Vendorlenovo

≫

Product thinksystem_st658_v3_firmware

Default Statusunknown

Version < 4.11

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.581

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@lenovo.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://support.lenovo.com/us/en/product_security/LEN-156781

https://nvd.nist.gov/vuln/detail/CVE-2024-38508

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38508

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38508

EUVD