HIGH🇵🇱 Wersja polska

CVE-2023-29057

CVSS 7.3v3.1pub. 2023-04-28upd. 2024-11-21

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
  • Lenovo Thinkagile Hx1021

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1021 Firmware

    OS
    Lenovo
    < 3.72_tei388s
  • Lenovo Thinkagile Hx1320

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1320 Firmware

    OS
    Lenovo
    < 8.88_cdi3a4a
  • Lenovo Thinkagile Hx1321

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1321 Firmware

    OS
    Lenovo
    < 8.88_cdi3a4a
  • Lenovo Thinkagile Hx1331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1331 Firmware

    OS
    Lenovo
    < 2.93_afbt30p
  • Lenovo Thinkagile Hx1520 R

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1520 R Firmware

    OS
    Lenovo
    < 8.88_cdi3a4a
  • Lenovo Thinkagile Hx1521 R

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1521 R Firmware

    OS
    Lenovo
    < 8.88_cdi3a4a
  • Lenovo Thinkagile Hx2320 E

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2320 E Firmware

    OS
    Lenovo
    < 8.88_cdi3a4a
  • Lenovo Thinkagile Hx2321

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2321 Firmware

    OS
    Lenovo
    < 8.88_cdi3a4a
  • Lenovo Thinkagile Hx2330

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2330 Firmware

    OS
    Lenovo
    2.93_afbt30p< 2.93_afbt30p
  • Lenovo Thinkagile Hx2331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2331 Firmware

    OS
    Lenovo
    < 2.93_afbt30p
  • Lenovo Thinkagile Hx2720 E

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2720 E Firmware

    OS
    Lenovo
    < 3.72_tei388s
  • Lenovo Thinkagile Hx3320

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3320 Firmware

    OS
    Lenovo
    < 8.88_cdi3a4a
  • Lenovo Thinkagile Hx3321

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3321 Firmware

    OS
    Lenovo
    < 8.88_cdi3a4a
  • Lenovo Thinkagile Hx3330

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3330 Firmware

    OS
    Lenovo
    < 2.93_afbt30p
  • Lenovo Thinkagile Hx3331

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3331 Firmware

    OS
    Lenovo
    < 2.93_afbt30p< 4.71_d8bt48p
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-2659HIGH7.2ten sam produkt

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...

CVE-2023-4607HIGH7.5ten sam produkt

An authenticated XCC user can change permissions for any user through a crafted API command.

CVE-2023-4606HIGH8.1ten sam produkt

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted A...

CVE-2023-0683HIGH8.3ten sam produkt

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically craf...

CVE-2022-34884HIGH7.2ten sam produkt

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...