CVE-2023-0683

CWE-20Improper Input Validation3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 45.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
110
Lenovo Thinkagile Hx1021 FirmwareLenovo Thinkagile Hx1320 FirmwareLenovo Thinkagile Hx1321 Firmware+107 more
Timeline
PublishedMay 1

Description

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:HExploitability: 2.8 | Impact: 5.5

Affected Packages110 packages

🔴Vulnerability Details

2
CVEList
CVE-2023-0683: A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call2023-05-01
GHSA
GHSA-p2jf-cw3h-mcrc: A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call2023-05-01