7.2

CVE-2024-8278

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

Linked by AI from unstructured data to existing CPEs in the NVD
Data is provided through the CVE Program by Authorized Data Publishers (ADP) (unstructured)

| Vendor | Product | Default Status | Version < | Version | Status |
|---|---|---|---|---|---|
| lenovo | thinksystem_st650_v3_firmware | unaffected | 6.10_usx350g | 0 | affected |
| lenovo | thinksystem_sr675_v3_firmware | unaffected | 6.10_qgx340j | 0 | affected |
| lenovo | thinkedge_se350_v2_firmware | unaffected | 3.11_iyx328m | 0 | affected |
| lenovo | thinkedge_se450__firmware | unaffected | 3.11_usx332x | 0 | affected |
| lenovo | thinkedge_se455_v3_firmware | unaffected | 3.10_mbx308l | 0 | affected |
| lenovo | thinkagile_hx7530_firmware | unaffected | 4.71_afbt48c | 0 | affected |
| lenovo | thinksystem_st250_v3_firmware | unaffected | 2.10_ctx213g | 0 | affected |
| lenovo | thinkagile_hx1320_firmware | unknown | 9.97_cdi3b4b | 0 | affected |
| lenovo | thinkagile_hx3375_firmware | unaffected | 5.61_d8bt64d | 0 | affected |
| lenovo | thinkagile_hx_enclosure_certified_node_firmware | unaffected | 6.36_tei3f4a | 0 | affected |
| lenovo | thinkagile_hx1021_edge_certified_node_3yr_firmware | unaffected | 4.11_tei3e4a | 0 | affected |
| lenovo | thinkagile_hx7820_firmware | unaffected | 3.11_psi354a | 0 | affected |
| lenovo | thinksystem_sd530_v3_firmware | unaffected | 1.20_usx352 | 0 | affected |
| lenovo | thinksystem_sd630_v2_firmware | unaffected | 4.11_tgbt50c | 0 | affected |
| lenovo | thinksystem_sr630_v3_firmware | unaffected | 5.10_esx330m | 0 | affected |
| lenovo | thinksystem_sr635_v3_firmware | unaffected | 3.20_kax334o | 0 | affected |
| lenovo | thinksystem_sr850_v3_firmware | unaffected | 4.10_rsx312i | 0 | affected |
| lenovo | thinksystem_sr950_v3_firmware | unaffected | 3.10_ebx308i | 0 | affected |

No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.798 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@lenovo.com | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.