CVE-2023-29058 — MEDIUM (6.4)

Q: How severe is CVE-2023-29058?

CVE-2023-29058 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-29058?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkagile Hx5530 Firmware, Lenovo Thinkagile Hx5530, Lenovo Thinkagile Hx7530 Firmware, Lenovo Thinkagile Hx7530, Lenovo Thinkagile Vx3331 Firmware.

Vulnerability Description

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Thinkagile Hx5530 Firmware	< 2.93_afbt30p
Lenovo	Thinkagile Hx5530	-
Lenovo	Thinkagile Hx7530 Firmware	< 2.93_afbt30p
Lenovo	Thinkagile Hx7530	-
Lenovo	Thinkagile Vx3331 Firmware	< 2.93_afbt30p
Lenovo	Thinkagile Vx3331	-
Lenovo	Thinkagile Hx Enclosure Firmware	< 3.72_tei388s
Lenovo	Thinkagile Hx Enclosure	-
Lenovo	Thinkagile Hx1021 Firmware	< 3.72_tei388s
Lenovo	Thinkagile Hx1021	-
Lenovo	Thinkagile Hx1320 Firmware	< 8.88_cdi3a4a
Lenovo	Thinkagile Hx1320	-
Lenovo	Thinkagile Hx1321 Firmware	< 8.88_cdi3a4a
Lenovo	Thinkagile Hx1321	-
Lenovo	Thinkagile Hx1331 Firmware	< 2.93_afbt30p
Lenovo	Thinkagile Hx1331	-
Lenovo	Thinkagile Hx1520-R Firmware	< 8.88_cdi3a4a
Lenovo	Thinkagile Hx1520-R	-
Lenovo	Thinkagile Hx1521-R Firmware	< 8.88_cdi3a4a
Lenovo	Thinkagile Hx1521-R	-

Related Weaknesses (CWE)

CWE-276

References

https://support.lenovo.com/us/en/product_security/LEN-118321Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-118321Vendor Advisory

FAQ

What is CVE-2023-29058?

CVE-2023-29058 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disable...

How severe is CVE-2023-29058?

CVE-2023-29058 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-29058?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkagile Hx5530 Firmware, Lenovo Thinkagile Hx5530, Lenovo Thinkagile Hx7530 Firmware, Lenovo Thinkagile Hx7530, Lenovo Thinkagile Vx3331 Firmware.