CVE-2024-38510
- EPSS 0.37%
- Published 26.07.2024 20:15:04
- Last modified 21.11.2024 09:26:07
A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
CVE-2024-38511
- EPSS 0.35%
- Published 26.07.2024 20:15:04
- Last modified 21.11.2024 09:26:07
A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
CVE-2024-38512
- EPSS 0.37%
- Published 26.07.2024 20:15:04
- Last modified 21.11.2024 09:26:07
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
CVE-2024-38508
- EPSS 0.37%
- Published 26.07.2024 20:15:03
- Last modified 21.11.2024 09:26:07
A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.
CVE-2024-38509
- EPSS 0.29%
- Published 26.07.2024 20:15:03
- Last modified 21.11.2024 09:26:07
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
CVE-2023-4607
- EPSS 0.13%
- Published 25.10.2023 18:17:41
- Last modified 21.11.2024 08:35:32
An authenticated XCC user can change permissions for any user through a crafted API command.
CVE-2022-40137
- EPSS 0.04%
- Published 30.01.2023 22:15:12
- Last modified 21.11.2024 07:20:57
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.