CVE-2023-29057

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as Local First, then LDAP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
lenovoCNA
7.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
lenovothinkagile_hx5530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx7530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx3331_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx_enclosure_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx1021_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx1320_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx1321_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx1331_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx1520-r_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx1521-r_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx2320-e_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx2321_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx2330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx2330_firmware
2.93_afbt30p:_afbt30p
lenovothinkagile_hx2331_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx2720-e_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx3320_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx3321_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx3330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx3331_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx3331_firmware
𝑥
< 4.71_d8bt48p
lenovothinkagile_hx3375_firmware
𝑥
< 4.71_d8bt48p
lenovothinkagile_hx3376_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx3520-g_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx3521-g_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx3720_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx3721_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx5520_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx5520-c_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx5521_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx5521-c_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx5531_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx7520_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx7521_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx7530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx7531_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx7531_firmware
𝑥
< 2.75_psi348s
lenovothinkagile_hx7820_firmware
𝑥
< 2.75_psi348s
lenovothinkagile_hx7821_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_mx1020_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3330-f_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3330-h_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3331-f_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3331-h_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3530_f_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3530-h_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3531_h_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3531-f_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_mx1021_on_se350_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx_1se_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx_2u4n_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx_4u_firmware
𝑥
< 2.75_psi348s
lenovothinkagile_vx1320_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx2320_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx2330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx3320_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx3330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx3520-g_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx3530-g_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx3720_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx5520_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx5530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx7320_n_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx7330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx7520_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx7520_n_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx7530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx7531_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx7820_firmware
𝑥
< 2.75_psi348s
lenovothinkedge_se450__firmware
𝑥
< 1.60_usx324o
lenovothinkstation_p920_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sd530_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sd630_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sd650_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sd650_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sd650-n_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_se350_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sn550_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sn550_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sn850_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr150_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr158_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr250_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr250_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr258_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr258_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr530_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr550_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr570_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr590_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr630_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr630_v2_firmware
𝑥
< 2.93_afbt30p
lenovothinksystem_sr645_firmware
𝑥
< 4.71_d8bt48p
lenovothinksystem_sr645_v3_firmware
𝑥
< 4.71_d8bt48p
lenovothinksystem_sr650_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr650_v2_firmware
𝑥
< 2.93_afbt30p
lenovothinksystem_sr665_firmware
𝑥
< 4.71_d8bt48p
lenovothinksystem_sr665_v3_firmware
𝑥
< 4.71_d8bt48p
lenovothinksystem_sr670_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr670_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr850_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr850_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr850p_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr860_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr860_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr950_firmware
𝑥
< 2.75_psi348s
lenovothinksystem_st250_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_st250_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_st258_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_st258_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_st550_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_st650_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_st658_v2_firmware
𝑥
< 2.60_tgbt42h
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-118321
https://support.lenovo.com/us/en/product_security/LEN-118321