#VU80746 Permissions, Privileges, and Access Controls in Lenovo products - CVE-2023-4607
Published: September 13, 2023
Vulnerability identifier: #VU80746
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-4607
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ThinkAgile HX5530 Appliance
ThinkAgile HX7530 Appliance
ThinkAgile VX3331 Certified Node
ThinkAgile HX Enclosure Certified Node
ThinkAgile HX1021 Edge Certified Node 3yr
ThinkAgile HX1320 Appliance
ThinkAgile HX1321 Certified Node
ThinkAgile HX1331 Certified Node
ThinkAgile HX1520-R Appliance
ThinkAgile HX1521-R Certified Node
ThinkAgile HX2320-E Appliance
ThinkAgile HX2321 Certified Node
ThinkAgile HX2330 Appliance
ThinkAgile HX2331 Certified Node
ThinkAgile HX2720-E Appliance
ThinkAgile HX3320 Appliance
ThinkAgile HX3321 Certified Node
ThinkAgile HX3330 Appliance
ThinkAgile HX3331 Certified Node
ThinkAgile HX3331 Node SAP HANA
ThinkAgile HX3375 Appliance
ThinkAgile HX3376 Certified Node
ThinkAgile HX3520-G Appliance
ThinkAgile HX3521-G Certified Node
ThinkAgile HX3720 Appliance
ThinkAgile HX3721 Certified Node
ThinkAgile HX5520 Appliance
ThinkAgile HX5520-C Appliance
ThinkAgile HX5521 Certified Node
ThinkAgile HX5521-C Certified Node
ThinkAgile HX5531 Certified Node
ThinkAgile HX7520 Appliance
ThinkAgile HX7521 Certified Node
ThinkAgile HX7530 Appl for SAP HANA
ThinkAgile HX7531 Certified Node
ThinkAgile HX7531 Node SAP HANA
ThinkAgile HX7820 Appliance
ThinkAgile HX7821 Certified Node
ThinkAgile MX Edge Appliance - MX1020
ThinkAgile MX3330-F All-flash Appliance
ThinkAgile MX3330-H Hybrid Appliance
ThinkAgile MX3331-F All-flash Certified node
ThinkAgile MX3331-H Hybrid Certified node
ThinkAgile MX3530 F All flash Appliance
ThinkAgile MX3530-H Hybrid Appliance
ThinkAgile MX3531 H Hybrid Certified node
ThinkAgile MX3531-F All-flash Certified node
ThinkAgile MX630 V3 Certified Node
ThinkAgile MX630 V3 Integrated System
ThinkAgile MX650 V3 Certified Node
ThinkAgile MX650 v3 Integrated System
ThinkAgile MX1021 on SE350
ThinkAgile VX 1SE Certified Node
ThinkAgile VX 2U4N Certified Node
ThinkAgile VX 4U Certified Node
ThinkAgile VX1320
ThinkAgile VX2320
ThinkAgile VX2330 Appliance
ThinkAgile VX3320
ThinkAgile VX3330 Appliance
ThinkAgile VX3520-G
ThinkAgile VX3530-G Appliance
ThinkAgile VX3720
ThinkAgile VX5520
ThinkAgile VX5530 Appliance
ThinkAgile VX7320 N
Thinkagile VX7330 Appliance
ThinkAgile VX7520
ThinkAgile VX7520 N
ThinkAgile VX7530 Appliance
ThinkAgile VX7531 Certified Node
ThinkAgile VX7820
ThinkEdge SE450
ThinkStation P920 Rack Workstation
ThinkSystem SD530
ThinkSystem SD630 V2
ThinkSystem SD650 DWC Dual Node Tray
ThinkSystem SD650 V2
ThinkSystem SD650 V3
ThinkSystem SD650-N V2
ThinkSystem SD665 V3
ThinkSystem SE350
ThinkSystem SN550
ThinkSystem SN550 V2
ThinkSystem SN850
ThinkSystem SR150
ThinkSystem SR158
ThinkSystem SR250
ThinkSystem SR250 V2
ThinkSystem SR258
ThinkSystem SR258 V2
ThinkSystem SR530
ThinkSystem SR550
ThinkSystem SR570
ThinkSystem SR590
ThinkSystem SR630
ThinkSystem SR630 V2
ThinkSystem SR630 V3
ThinkSystem SR635 V3
ThinkSystem SR645
ThinkSystem SR645 V3
ThinkSystem SR650
ThinkSystem SR650 V2
ThinkSystem SR650 V3
ThinkSystem SR655 V3
ThinkSystem SR665
ThinkSystem SR665 V3
ThinkSystem SR670
ThinkSystem SR670 V2
ThinkSystem SR675 V3
ThinkSystem SR850
ThinkSystem SR850 V2
ThinkSystem SR850 V3
ThinkSystem SR850P
ThinkSystem SR860
ThinkSystem SR860 V2
ThinkSystem SR860 V3
ThinkSystem SR950
ThinkSystem ST250
ThinkSystem ST250 V2
ThinkSystem ST258
ThinkSystem ST258 V2
ThinkSystem ST550
ThinkSystem ST650 V2
ThinkSystem ST650 V3
ThinkSystem ST658 V2
ThinkSystem ST658 V3
ThinkAgile HX5530 Appliance
ThinkAgile HX7530 Appliance
ThinkAgile VX3331 Certified Node
ThinkAgile HX Enclosure Certified Node
ThinkAgile HX1021 Edge Certified Node 3yr
ThinkAgile HX1320 Appliance
ThinkAgile HX1321 Certified Node
ThinkAgile HX1331 Certified Node
ThinkAgile HX1520-R Appliance
ThinkAgile HX1521-R Certified Node
ThinkAgile HX2320-E Appliance
ThinkAgile HX2321 Certified Node
ThinkAgile HX2330 Appliance
ThinkAgile HX2331 Certified Node
ThinkAgile HX2720-E Appliance
ThinkAgile HX3320 Appliance
ThinkAgile HX3321 Certified Node
ThinkAgile HX3330 Appliance
ThinkAgile HX3331 Certified Node
ThinkAgile HX3331 Node SAP HANA
ThinkAgile HX3375 Appliance
ThinkAgile HX3376 Certified Node
ThinkAgile HX3520-G Appliance
ThinkAgile HX3521-G Certified Node
ThinkAgile HX3720 Appliance
ThinkAgile HX3721 Certified Node
ThinkAgile HX5520 Appliance
ThinkAgile HX5520-C Appliance
ThinkAgile HX5521 Certified Node
ThinkAgile HX5521-C Certified Node
ThinkAgile HX5531 Certified Node
ThinkAgile HX7520 Appliance
ThinkAgile HX7521 Certified Node
ThinkAgile HX7530 Appl for SAP HANA
ThinkAgile HX7531 Certified Node
ThinkAgile HX7531 Node SAP HANA
ThinkAgile HX7820 Appliance
ThinkAgile HX7821 Certified Node
ThinkAgile MX Edge Appliance - MX1020
ThinkAgile MX3330-F All-flash Appliance
ThinkAgile MX3330-H Hybrid Appliance
ThinkAgile MX3331-F All-flash Certified node
ThinkAgile MX3331-H Hybrid Certified node
ThinkAgile MX3530 F All flash Appliance
ThinkAgile MX3530-H Hybrid Appliance
ThinkAgile MX3531 H Hybrid Certified node
ThinkAgile MX3531-F All-flash Certified node
ThinkAgile MX630 V3 Certified Node
ThinkAgile MX630 V3 Integrated System
ThinkAgile MX650 V3 Certified Node
ThinkAgile MX650 v3 Integrated System
ThinkAgile MX1021 on SE350
ThinkAgile VX 1SE Certified Node
ThinkAgile VX 2U4N Certified Node
ThinkAgile VX 4U Certified Node
ThinkAgile VX1320
ThinkAgile VX2320
ThinkAgile VX2330 Appliance
ThinkAgile VX3320
ThinkAgile VX3330 Appliance
ThinkAgile VX3520-G
ThinkAgile VX3530-G Appliance
ThinkAgile VX3720
ThinkAgile VX5520
ThinkAgile VX5530 Appliance
ThinkAgile VX7320 N
Thinkagile VX7330 Appliance
ThinkAgile VX7520
ThinkAgile VX7520 N
ThinkAgile VX7530 Appliance
ThinkAgile VX7531 Certified Node
ThinkAgile VX7820
ThinkEdge SE450
ThinkStation P920 Rack Workstation
ThinkSystem SD530
ThinkSystem SD630 V2
ThinkSystem SD650 DWC Dual Node Tray
ThinkSystem SD650 V2
ThinkSystem SD650 V3
ThinkSystem SD650-N V2
ThinkSystem SD665 V3
ThinkSystem SE350
ThinkSystem SN550
ThinkSystem SN550 V2
ThinkSystem SN850
ThinkSystem SR150
ThinkSystem SR158
ThinkSystem SR250
ThinkSystem SR250 V2
ThinkSystem SR258
ThinkSystem SR258 V2
ThinkSystem SR530
ThinkSystem SR550
ThinkSystem SR570
ThinkSystem SR590
ThinkSystem SR630
ThinkSystem SR630 V2
ThinkSystem SR630 V3
ThinkSystem SR635 V3
ThinkSystem SR645
ThinkSystem SR645 V3
ThinkSystem SR650
ThinkSystem SR650 V2
ThinkSystem SR650 V3
ThinkSystem SR655 V3
ThinkSystem SR665
ThinkSystem SR665 V3
ThinkSystem SR670
ThinkSystem SR670 V2
ThinkSystem SR675 V3
ThinkSystem SR850
ThinkSystem SR850 V2
ThinkSystem SR850 V3
ThinkSystem SR850P
ThinkSystem SR860
ThinkSystem SR860 V2
ThinkSystem SR860 V3
ThinkSystem SR950
ThinkSystem ST250
ThinkSystem ST250 V2
ThinkSystem ST258
ThinkSystem ST258 V2
ThinkSystem ST550
ThinkSystem ST650 V2
ThinkSystem ST650 V3
ThinkSystem ST658 V2
ThinkSystem ST658 V3
Software vendor:
Lenovo
Lenovo
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions. A local authenticated Lenovo XClarity Controller (XCC) user can change permissions for any user through a crafted API command.Remediation
Install updates from vendor's website.