#VU80745 Permissions, Privileges, and Access Controls in Lenovo products - CVE-2023-4606
Published: September 13, 2023
Vulnerability identifier: #VU80745
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-4606
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ThinkAgile HX5530 Appliance
ThinkAgile HX7530 Appliance
ThinkAgile VX3331 Certified Node
ThinkAgile HX1331 Certified Node
ThinkAgile HX2330 Appliance
ThinkAgile HX2331 Certified Node
ThinkAgile HX3330 Appliance
ThinkAgile HX3331 Certified Node
ThinkAgile HX3331 Node SAP HANA
ThinkAgile HX3375 Appliance
ThinkAgile HX3376 Certified Node
ThinkAgile HX5531 Certified Node
ThinkAgile HX7530 Appl for SAP HANA
ThinkAgile HX7531 Certified Node
ThinkAgile HX7531 Node SAP HANA
ThinkAgile MX3330-F All-flash Appliance
ThinkAgile MX3330-H Hybrid Appliance
ThinkAgile MX3331-F All-flash Certified node
ThinkAgile MX3331-H Hybrid Certified node
ThinkAgile MX3530-F All-flash Appliance
ThinkAgile MX3530-H Hybrid Appliance
ThinkAgile MX3531-H Hybrid Certified node
ThinkAgile MX3531-F All-flash Certified node
ThinkAgile VX2330 Appliance
ThinkAgile VX3330 Appliance
ThinkAgile VX3530-G Appliance
ThinkAgile VX5530 Appliance
ThinkAgile VX7330 Appliance
ThinkAgile VX7530 Appliance
ThinkAgile VX7531 Certified Node
ThinkSystem SD630 V2
ThinkSystem SD650 V2
ThinkSystem SD650 V3
ThinkSystem SD650-N V2
ThinkSystem SD665 V3
ThinkSystem SN550 V2
ThinkSystem SR250 V2
ThinkSystem SR258 V2
ThinkSystem SR630 V2
ThinkSystem SR630 V3
ThinkSystem SR635 V3
ThinkSystem SR645
ThinkSystem SR645 V3
ThinkSystem SR650 V2
ThinkSystem SR650 V3
ThinkSystem SR655 V3
ThinkSystem SR665
ThinkSystem SR665 V3
ThinkSystem SR670 V2
ThinkSystem SR675 V3
ThinkSystem SR850 V2
ThinkSystem SR850 V3
ThinkSystem SR860 V2
ThinkSystem SR860 V3
ThinkSystem ST250 V2
ThinkSystem ST258 V2
ThinkSystem ST650 V2
ThinkSystem ST650 V3
ThinkSystem ST658 V2
ThinkSystem ST658 V3
Software vendor:
Lenovo
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions. A remote authenticated Lenovo XClarity Controller (XCC) user with ReadOnly permissions can use an API command to change the password of another user.
Remediation
Install updates from the vendor's website.