CVE-2023-29058

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H
lenovoCNA
6.4 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
lenovothinkagile_hx5530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx7530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx3331_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx_enclosure_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx1021_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx1320_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx1321_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx1331_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx1520-r_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx1521-r_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx2320-e_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx2321_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx2330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx2330_firmware
2.93_afbt30p:_afbt30p
lenovothinkagile_hx2331_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx2720-e_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx3320_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx3321_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx3330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx3331_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx3331_firmware
𝑥
< 4.71_d8bt48p
lenovothinkagile_hx3375_firmware
𝑥
< 4.71_d8bt48p
lenovothinkagile_hx3376_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx3520-g_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx3521-g_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx3720_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_hx3721_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx5520_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx5520-c_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx5521_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx5521-c_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx5531_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx7520_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_hx7521_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx7530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx7531_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_hx7531_firmware
𝑥
< 2.75_psi348s
lenovothinkagile_hx7820_firmware
𝑥
< 2.75_psi348s
lenovothinkagile_hx7821_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_mx1020_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3330-f_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3330-h_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3331-f_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3331-h_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3530_f_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3530-h_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3531_h_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_mx3531-f_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_mx1021_on_se350_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx_1se_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx_2u4n_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx_4u_firmware
𝑥
< 2.75_psi348s
lenovothinkagile_vx1320_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx2320_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx2330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx3320_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx3330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx3520-g_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx3530-g_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx3720_firmware
𝑥
< 3.72_tei388s
lenovothinkagile_vx5520_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx5530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx7320_n_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx7330_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx7520_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx7520_n_firmware
𝑥
< 8.88_cdi3a4a
lenovothinkagile_vx7530_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx7531_firmware
𝑥
< 2.93_afbt30p
lenovothinkagile_vx7820_firmware
𝑥
< 2.75_psi348s
lenovothinkedge_se450__firmware
𝑥
< 1.60_usx324o
lenovothinkstation_p920_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sd530_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sd630_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sd650_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sd650_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sd650-n_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_se350_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sn550_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sn550_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sn850_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr150_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr158_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr250_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr250_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr258_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr258_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr530_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr550_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr570_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr590_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr630_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr630_v2_firmware
𝑥
< 2.93_afbt30p
lenovothinksystem_sr645_firmware
𝑥
< 4.71_d8bt48p
lenovothinksystem_sr645_v3_firmware
𝑥
< 4.71_d8bt48p
lenovothinksystem_sr650_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_sr650_v2_firmware
𝑥
< 2.93_afbt30p
lenovothinksystem_sr665_firmware
𝑥
< 4.71_d8bt48p
lenovothinksystem_sr665_v3_firmware
𝑥
< 4.71_d8bt48p
lenovothinksystem_sr670_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr670_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr850_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr850_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr850p_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr860_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_sr860_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_sr950_firmware
𝑥
< 2.75_psi348s
lenovothinksystem_st250_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_st250_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_st258_firmware
𝑥
< 3.72_tei388s
lenovothinksystem_st258_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_st550_firmware
𝑥
< 8.88_cdi3a4a
lenovothinksystem_st650_v2_firmware
𝑥
< 2.60_tgbt42h
lenovothinksystem_st658_v2_firmware
𝑥
< 2.60_tgbt42h
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-118321
https://support.lenovo.com/us/en/product_security/LEN-118321