CVE-2024-38508

Severity
7.2 HIGH
EPSS
0.5%
top 33.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 26

Description

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 | Impact: 5.9

Affected Packages: 1 package

CVEListV5 | lenovo/xclarity_controller | various

Vulnerability Details (2)
GHSA
GHSA-9953-mrch-gvmc: A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticat… (2024-07-26)
CVEList
CVE-2024-38508: A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticat… (2024-07-26)