CVE-2023-0683

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

Published: May 1, 2023
Updated: May 11, 2023
CVE: CVE-2023-0683
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
lenovo / thinkagile_hx5530_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx7530_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx3331_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx_enclosure_firmware	-	3.72_tei388s
lenovo / thinkagile_hx1021_firmware	-	3.72_tei388s
lenovo / thinkagile_hx1320_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx1321_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx1331_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx1520-r_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx1521-r_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx2320-e_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx2321_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx2330_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx2330_firmware	2.93_afbt30p	2.93_afbt30p.x
lenovo / thinkagile_hx2331_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx2720-e_firmware	-	3.72_tei388s
lenovo / thinkagile_hx3320_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx3321_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx3330_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx3331_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx3331_firmware	-	4.71_d8bt48p
lenovo / thinkagile_hx3375_firmware	-	4.71_d8bt48p
lenovo / thinkagile_hx3376_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx3520-g_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx3521-g_firmware	-	3.72_tei388s
lenovo / thinkagile_hx3720_firmware	-	3.72_tei388s
lenovo / thinkagile_hx3721_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx5520_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx5520-c_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx5521_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx5521-c_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx5531_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx7520_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_hx7521_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx7531_firmware	-	2.93_afbt30p
lenovo / thinkagile_hx7531_firmware	-	2.75_psi348s
lenovo / thinkagile_hx7820_firmware	-	2.75_psi348s
lenovo / thinkagile_hx7821_firmware	-	3.72_tei388s
lenovo / thinkagile_mx1020_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3330-f_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3330-h_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3331-f_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3331-h_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3530_f_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3530-h_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3531_h_firmware	-	2.93_afbt30p
lenovo / thinkagile_mx3531-f_firmware	-	3.72_tei388s
lenovo / thinkagile_mx1021_on_se350_firmware	-	3.72_tei388s
lenovo / thinkagile_vx_1se_firmware	-	3.72_tei388s
lenovo / thinkagile_vx_2u4n_firmware	-	3.72_tei388s
lenovo / thinkagile_vx_4u_firmware	-	2.75_psi348s
lenovo / thinkagile_vx1320_firmware	-	3.72_tei388s
lenovo / thinkagile_vx2320_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx2330_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx3320_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx3330_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx3520-g_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx3530-g_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx3720_firmware	-	3.72_tei388s
lenovo / thinkagile_vx5520_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx5530_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx7320_n_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx7330_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx7520_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx7520_n_firmware	-	8.88_cdi3a4a
lenovo / thinkagile_vx7530_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx7531_firmware	-	2.93_afbt30p
lenovo / thinkagile_vx7820_firmware	-	2.75_psi348s
lenovo / thinkedge_se450__firmware	-	1.60_usx324o
lenovo / thinkstation_p920_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sd530_firmware	-	3.72_tei388s
lenovo / thinksystem_sd630_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sd650_firmware	-	3.72_tei388s
lenovo / thinksystem_sd650_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sd650-n_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_se350_firmware	-	3.72_tei388s
lenovo / thinksystem_sn550_firmware	-	3.72_tei388s
lenovo / thinksystem_sn550_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sn850_firmware	-	3.72_tei388s
lenovo / thinksystem_sr150_firmware	-	3.72_tei388s
lenovo / thinksystem_sr158_firmware	-	3.72_tei388s
lenovo / thinksystem_sr250_firmware	-	3.72_tei388s
lenovo / thinksystem_sr250_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr258_firmware	-	3.72_tei388s
lenovo / thinksystem_sr258_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr530_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr550_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr570_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr590_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr630_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr630_v2_firmware	-	2.93_afbt30p
lenovo / thinksystem_sr645_firmware	-	4.71_d8bt48p
lenovo / thinksystem_sr645_v3_firmware	-	4.71_d8bt48p
lenovo / thinksystem_sr650_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_sr650_v2_firmware	-	2.93_afbt30p
lenovo / thinksystem_sr665_firmware	-	4.71_d8bt48p
lenovo / thinksystem_sr665_v3_firmware	-	4.71_d8bt48p
lenovo / thinksystem_sr670_firmware	-	3.72_tei388s
lenovo / thinksystem_sr670_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr850_firmware	-	3.72_tei388s
lenovo / thinksystem_sr850_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr850p_firmware	-	3.72_tei388s
lenovo / thinksystem_sr860_firmware	-	3.72_tei388s
lenovo / thinksystem_sr860_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_sr950_firmware	-	2.75_psi348s
lenovo / thinksystem_st250_firmware	-	3.72_tei388s
lenovo / thinksystem_st250_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_st258_firmware	-	3.72_tei388s
lenovo / thinksystem_st258_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_st550_firmware	-	8.88_cdi3a4a
lenovo / thinksystem_st650_v2_firmware	-	2.60_tgbt42h
lenovo / thinksystem_st658_v2_firmware	-	2.60_tgbt42h

https://support.lenovo.com/us/en/product_security/LEN-99936

Vulnerability Database

289,697

CVE-2023-0683