#VU80746 Permissions, Privileges, and Access Controls in Hardware solutions


Published: 2023-09-13

Vulnerability identifier: #VU80746

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4607

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ThinkAgile HX5530 Appliance
Hardware solutions / Firmware
ThinkAgile HX7530 Appliance
Hardware solutions / Firmware
ThinkAgile VX3331 Certified Node
Hardware solutions / Firmware
ThinkAgile HX Enclosure Certified Node
Hardware solutions / Firmware
ThinkAgile HX1021 Edge Certified Node 3yr
Hardware solutions / Firmware
ThinkAgile HX1320 Appliance
Hardware solutions / Firmware
ThinkAgile HX1321 Certified Node
Hardware solutions / Firmware
ThinkAgile HX1331 Certified Node
Hardware solutions / Firmware
ThinkAgile HX1520-R Appliance
Hardware solutions / Firmware
ThinkAgile HX1521-R Certified Node
Hardware solutions / Firmware
ThinkAgile HX2320-E Appliance
Hardware solutions / Firmware
ThinkAgile HX2321 Certified Node
Hardware solutions / Firmware
ThinkAgile HX2330 Appliance
Hardware solutions / Firmware
ThinkAgile HX2331 Certified Node
Hardware solutions / Firmware
ThinkAgile HX2720-E Appliance
Hardware solutions / Firmware
ThinkAgile HX3320 Appliance
Hardware solutions / Firmware
ThinkAgile HX3321 Certified Node
Hardware solutions / Firmware
ThinkAgile HX3330 Appliance
Hardware solutions / Firmware
ThinkAgile HX3331 Certified Node
Hardware solutions / Firmware
ThinkAgile HX3331 Node SAP HANA
Hardware solutions / Firmware
ThinkAgile HX3375 Appliance
Hardware solutions / Firmware
ThinkAgile HX3376 Certified Node
Hardware solutions / Firmware
ThinkAgile HX3520-G Appliance
Hardware solutions / Firmware
ThinkAgile HX3521-G Certified Node
Hardware solutions / Firmware
ThinkAgile HX3720 Appliance
Hardware solutions / Firmware
ThinkAgile HX3721 Certified Node
Hardware solutions / Firmware
ThinkAgile HX5520 Appliance
Hardware solutions / Firmware
ThinkAgile HX5520-C Appliance
Hardware solutions / Firmware
ThinkAgile HX5521 Certified Node
Hardware solutions / Firmware
ThinkAgile HX5521-C Certified Node
Hardware solutions / Firmware
ThinkAgile HX5531 Certified Node
Hardware solutions / Firmware
ThinkAgile HX7520 Appliance
Hardware solutions / Firmware
ThinkAgile HX7521 Certified Node
Hardware solutions / Firmware
ThinkAgile HX7530 Appl for SAP HANA
Hardware solutions / Firmware
ThinkAgile HX7531 Certified Node
Hardware solutions / Firmware
ThinkAgile HX7531 Node SAP HANA
Hardware solutions / Firmware
ThinkAgile HX7820 Appliance
Hardware solutions / Firmware
ThinkAgile HX7821 Certified Node
Hardware solutions / Firmware
ThinkAgile MX Edge Appliance - MX1020
Hardware solutions / Firmware
ThinkAgile MX3330-F All-flash Appliance
Hardware solutions / Firmware
ThinkAgile MX3330-H Hybrid Appliance
Hardware solutions / Firmware
ThinkAgile MX3331-F All-flash Certified node
Hardware solutions / Firmware
ThinkAgile MX3331-H Hybrid Certified node
Hardware solutions / Firmware
ThinkAgile MX3530 F All flash Appliance
Hardware solutions / Firmware
ThinkAgile MX3530-H Hybrid Appliance
Hardware solutions / Firmware
ThinkAgile MX3531 H Hybrid Certified node
Hardware solutions / Firmware
ThinkAgile MX3531-F All-flash Certified node
Hardware solutions / Firmware
ThinkAgile MX630 V3 Certified Node
Hardware solutions / Firmware
ThinkAgile MX630 V3 Integrated System
Hardware solutions / Firmware
ThinkAgile MX650 V3 Certified Node
Hardware solutions / Firmware
ThinkAgile MX650 V3 Integrated System
Hardware solutions / Firmware
ThinkAgile MX1021 on SE350
Hardware solutions / Firmware
ThinkAgile VX 1SE Certified Node
Hardware solutions / Firmware
ThinkAgile VX 2U4N Certified Node
Hardware solutions / Firmware
ThinkAgile VX 4U Certified Node
Hardware solutions / Firmware
ThinkAgile VX1320
Hardware solutions / Firmware
ThinkAgile VX2320
Hardware solutions / Firmware
ThinkAgile VX2330 Appliance
Hardware solutions / Firmware
ThinkAgile VX3320
Hardware solutions / Firmware
ThinkAgile VX3330 Appliance
Hardware solutions / Firmware
ThinkAgile VX3520-G
Hardware solutions / Firmware
ThinkAgile VX3530-G Appliance
Hardware solutions / Firmware
ThinkAgile VX3720
Hardware solutions / Firmware
ThinkAgile VX5520
Hardware solutions / Firmware
ThinkAgile VX5530 Appliance
Hardware solutions / Firmware
ThinkAgile VX7320 N
Hardware solutions / Firmware
ThinkAgile VX7330 Appliance
Hardware solutions / Firmware
ThinkAgile VX7520
Hardware solutions / Firmware
ThinkAgile VX7520 N
Hardware solutions / Firmware
ThinkAgile VX7530 Appliance
Hardware solutions / Firmware
ThinkAgile VX7531 Certified Node
Hardware solutions / Firmware
ThinkAgile VX7820
Hardware solutions / Firmware
ThinkEdge SE450
Hardware solutions / Firmware
ThinkStation P920 Rack Workstation
Hardware solutions / Firmware
ThinkSystem SD530
Hardware solutions / Firmware
ThinkSystem SD630 V2
Hardware solutions / Firmware
ThinkSystem SD650 DWC Dual Node Tray
Hardware solutions / Firmware
ThinkSystem SD650 V2
Hardware solutions / Firmware
ThinkSystem SD650 V3
Hardware solutions / Firmware
ThinkSystem SD650-N V2
Hardware solutions / Firmware
ThinkSystem SD665 V3
Hardware solutions / Firmware
ThinkSystem SE350
Hardware solutions / Firmware
ThinkSystem SN550
Hardware solutions / Firmware
ThinkSystem SN550 V2
Hardware solutions / Firmware
ThinkSystem SN850
Hardware solutions / Firmware
ThinkSystem SR150
Hardware solutions / Firmware
ThinkSystem SR158
Hardware solutions / Firmware
ThinkSystem SR250
Hardware solutions / Firmware
ThinkSystem SR250 V2
Hardware solutions / Firmware
ThinkSystem SR258
Hardware solutions / Firmware
ThinkSystem SR258 V2
Hardware solutions / Firmware
ThinkSystem SR530
Hardware solutions / Firmware
ThinkSystem SR550
Hardware solutions / Firmware
ThinkSystem SR570
Hardware solutions / Firmware
ThinkSystem SR590
Hardware solutions / Firmware
ThinkSystem SR630
Hardware solutions / Firmware
ThinkSystem SR630 V2
Hardware solutions / Firmware
ThinkSystem SR630 V3
Hardware solutions / Firmware
ThinkSystem SR635 V3
Hardware solutions / Firmware
ThinkSystem SR645
Hardware solutions / Firmware
ThinkSystem SR645 V3
Hardware solutions / Firmware
ThinkSystem SR650
Hardware solutions / Firmware
ThinkSystem SR650 V2
Hardware solutions / Firmware
ThinkSystem SR650 V3
Hardware solutions / Firmware
ThinkSystem SR655 V3
Hardware solutions / Firmware
ThinkSystem SR665
Hardware solutions / Firmware
ThinkSystem SR665 V3
Hardware solutions / Firmware
ThinkSystem SR670
Hardware solutions / Firmware
ThinkSystem SR670 V2
Hardware solutions / Firmware
ThinkSystem SR675 V3
Hardware solutions / Firmware
ThinkSystem SR850
Hardware solutions / Firmware
ThinkSystem SR850 V2
Hardware solutions / Firmware
ThinkSystem SR850 V3
Hardware solutions / Firmware
ThinkSystem SR850P
Hardware solutions / Firmware
ThinkSystem SR860
Hardware solutions / Firmware
ThinkSystem SR860 V2
Hardware solutions / Firmware
ThinkSystem SR860 V3
Hardware solutions / Firmware
ThinkSystem SR950
Hardware solutions / Firmware
ThinkSystem ST250
Hardware solutions / Firmware
ThinkSystem ST250 V2
Hardware solutions / Firmware
ThinkSystem ST258
Hardware solutions / Firmware
ThinkSystem ST258 V2
Hardware solutions / Firmware
ThinkSystem ST550
Hardware solutions / Firmware
ThinkSystem ST650 V2
Hardware solutions / Firmware
ThinkSystem ST650 V3
Hardware solutions / Firmware
ThinkSystem ST658 V2
Hardware solutions / Firmware
ThinkSystem ST658 V3
Hardware solutions / Firmware

Vendor:

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions. A local authenticated Lenovo XClarity Controller (XCC) user can change permissions for any user through a crafted API command.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions


External links
http://support.lenovo.com/us/en/product_security/LEN-140960


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

