CVE-2024-8280 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
lenovo	thinkagile_hx7530_firmware	𝑥 < 4.71_afbt48c	ADP
lenovo	thinksystem_st250_v3_firmware	𝑥 < 2.10_ctx213g	ADP
lenovo	thinkagile_hx1320_firmware	𝑥 < 9.97_cdi3b4b	ADP
lenovo	thinkagile_hx3375_firmware	𝑥 < 5.61_d8bt64d	ADP
lenovo	thinkagile_hx_enclosure_certified_node_firmware	𝑥 < 6.36_tei3f4a	ADP
lenovo	thinkagile_hx1021_edge_certified_node_3yr_firmware	𝑥 < 4.11_tei3e4a	ADP
lenovo	thinkagile_hx7820_firmware	𝑥 < 3.11_psi354a	ADP
lenovo	thinksystem_sd530_v3_firmware	𝑥 < 1.20_usx352	ADP
lenovo	thinksystem_sd630_v2_firmware	𝑥 < 4.11_tgbt50c	ADP
lenovo	thinksystem_st650_v3_firmware	𝑥 < 6.10_usx350g	ADP
lenovo	thinksystem_sr675_v3_firmware	𝑥 < 6.10_qgx340j	ADP
lenovo	thinkedge_se350_v2_firmware	𝑥 < 3.11_iyx328m	ADP
lenovo	thinkedge_se450__firmware	𝑥 < 3.11_usx332x	ADP
lenovo	thinkedge_se455_v3_firmware	𝑥 < 3.10_mbx308l	ADP
lenovo	thinksystem_sr630_v3_firmware	𝑥 < 5.10_esx330m	ADP
lenovo	thinksystem_sr635_v3_firmware	𝑥 < 3.20_kax334o	ADP
lenovo	thinksystem_sr850_v3_firmware	𝑥 < 4.10_rsx312i	ADP
lenovo	thinksystem_sr950_v3_firmware	𝑥 < 3.10_ebx308i	ADP

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://support.lenovo.com/us/en/product_security/LEN-172051