Description
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
Reserved 2024-08-28 | Published 2024-09-13 | Updated 2024-09-13 | Assigner
lenovoHIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Problem types
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Product status
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 2.10 CTX312G
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TEI3E4A
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 5.61 D8BT64D
affected
Default status
unaffected
Any version before 5.61 D8BT64D
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 3.11 PSI354A
affected
Default status
unaffected
Any version before 3.11 PSI354A
affected
Default status
unaffected
Any version before 4.11 TEI3E4A
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 1.20 USX352
affected
Default status
unaffected
Any version before 1.20 USX352
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 6.10 USX350G
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 6.10 QGX340J
affected
Default status
unaffected
Any version before 4.11 TEI3E4A
affected
Default status
unaffected
Any version before 3.11 IYX328M
affected
Default status
unaffected
Any version before 3.11 IYX328M
affected
Default status
unaffected
Any version before 3.11 USX332X
affected
Default status
unaffected
Any version before 3.10 MBX308L
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 2.10 CTX312G
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 2.10 CTX312G
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 5.10 ESX330M
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 5.61 D8BT64D
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 5.10 ESX330M
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 5.61 D8BT64D
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 4.11 TEI3E4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 6.10 QGX340J
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 4.10 RSX312I
affected
Default status
unaffected
Any version before 4.11 TEI3E4A
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 4.10 RSX312I
affected
Default status
unaffected
Any version before 3.11 PSI354A
affected
Default status
unaffected
Any version before 3.10 EBX308I
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 2.10 CTX312G
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 6.10 USX350G
affected
Default status
unaffected
Any version before 4.11 TGBT50C
affected
Default status
unaffected
Any version before 6.10 USX350G
affected
Default status
unaffected
Any version before 4.11 TEI3E4A
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 3.11 PSI354A
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 6.36 TEI3F4A
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 3.20 KAX334O
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 9.97 CDI3B4B
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 4.71 AFBT48C
affected
Default status
unaffected
Any version before 3.11 PSI354A
affected
References
support.lenovo.com/us/en/product_security/LEN-172051
cve.org (CVE-2024-8278)
nvd.nist.gov (CVE-2024-8278)
Download JSON
Subscribe to our newsletter to learn more about our work.