CVE-2023-29058
published 2023-04-28

Severity: medium, 6.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.

Affected

113 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| lenovo | thinkagile_hx1021_firmware | < 3.72_tei388s | 3.72_tei388s |
| lenovo | thinkagile_hx1320_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx1321_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx1331_firmware | < 2.93_afbt30p | 2.93_afbt30p |
| lenovo | thinkagile_hx1520-r_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx1521-r_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx2320-e_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx2321_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx2330_firmware | < 2.93_afbt30p | 2.93_afbt30p |
| lenovo | thinkagile_hx2330_firmware | | |
| lenovo | thinkagile_hx2331_firmware | < 2.93_afbt30p | 2.93_afbt30p |
| lenovo | thinkagile_hx2720-e_firmware | < 3.72_tei388s | 3.72_tei388s |
| lenovo | thinkagile_hx3320_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx3321_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx3330_firmware | < 2.93_afbt30p | 2.93_afbt30p |
| lenovo | thinkagile_hx3331_firmware | < 2.93_afbt30p | 2.93_afbt30p |
| lenovo | thinkagile_hx3331_firmware | < 4.71_d8bt48p | 4.71_d8bt48p |
| lenovo | thinkagile_hx3375_firmware | < 4.71_d8bt48p | 4.71_d8bt48p |
| lenovo | thinkagile_hx3376_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx3520-g_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx3521-g_firmware | < 3.72_tei388s | 3.72_tei388s |
| lenovo | thinkagile_hx3720_firmware | < 3.72_tei388s | 3.72_tei388s |
| lenovo | thinkagile_hx3721_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx5520-c_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |
| lenovo | thinkagile_hx5520_firmware | < 8.88_cdi3a4a | 8.88_cdi3a4a |