ID

VAR-202304-2262


CVE

CVE-2023-29058


TITLE

plural  Lenovo  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-009601

DESCRIPTION

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. thinkagile hx5530 firmware, thinkagile hx7530 firmware, ThinkAgile VX3331 firmware etc. Lenovo There are unspecified vulnerabilities in the product.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2023-29058 // JVNDB: JVNDB-2023-009601 // VULMON: CVE-2023-29058

AFFECTED PRODUCTS

vendor:lenovomodel:thinksystem sr650 v2scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx5520scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem st258 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem sr258scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx1331scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr650scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx1320scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx2320scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sd630 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile hx2320-escope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr158scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3320scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx 1sescope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx2720-escope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr550scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx7531scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile mx3530 fscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sd530scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem st250scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3331scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx1320scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx5521-cscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile vx3720scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile mx3531 hscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr950scope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinkagile hx1321scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx2330scope:eqversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx3375scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinksystem sr670scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr250scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx7531scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx5530scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem st250 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile hx7530scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx7521scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkstation p920scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem st258scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx3320scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx3331scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile hx3720scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr530scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx1521-rscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx3330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sn850scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx2331scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx7520scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx enclosurescope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem se350scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx5531scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr630scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr645scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile hx2321scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr645 v3scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile mx1020scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr850pscope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr250 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx3520-gscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx7320 nscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx3521-gscope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3321scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx7820scope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinksystem sr850scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx1021scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem st550scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx5520scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr570scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sd650scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx1520-rscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sn550 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx3530-gscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sn550scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx7820scope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3520-gscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile mx3331-hscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr860scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem st650 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem sr670 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx7520 nscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx5521scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr150scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile hx7821scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile mx3531-fscope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinkagile vx 2u4nscope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr665scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile hx7531scope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinkagile hx3721scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx5530scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile vx7330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile vx7530scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr258 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx3331scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx5520-cscope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinksystem sr630 v2scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile vx 4uscope:ltversion:2.75_psi348s

Trust: 1.0

vendor:lenovomodel:thinkagile mx3330-fscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sd650 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkagile vx2330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile hx3376scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile vx7520scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile hx2330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile mx3330-hscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sr590scope:ltversion:8.88_cdi3a4a

Trust: 1.0

vendor:lenovomodel:thinkagile mx3331-fscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinksystem sd650-n v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem st658 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem sr860 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinkedge se450scope:ltversion:1.60_usx324o

Trust: 1.0

vendor:lenovomodel:thinkagile hx3330scope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile mx3530-hscope:ltversion:2.93_afbt30p

Trust: 1.0

vendor:lenovomodel:thinkagile mx1021 on se350scope:ltversion:3.72_tei388s

Trust: 1.0

vendor:lenovomodel:thinksystem sr850 v2scope:ltversion:2.60_tgbt42h

Trust: 1.0

vendor:lenovomodel:thinksystem sr665 v3scope:ltversion:4.71_d8bt48p

Trust: 1.0

vendor:lenovomodel:thinkagile hx7530scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1321scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2320-escope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2321scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2330scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx enclosurescope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1521-rscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2720-escope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx3321scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx3330scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile vx3331scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1331scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx3320scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1021scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx3331scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1520-rscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx1320scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx2331scope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkagile hx5530scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009601 // NVD: CVE-2023-29058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-29058
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2023-29058
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-29058
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202304-2274
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-29058
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2023-29058
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2023-29058
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009601 // CNNVD: CNNVD-202304-2274 // NVD: CVE-2023-29058 // NVD: CVE-2023-29058

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009601 // NVD: CVE-2023-29058

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-2274

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202304-2274

PATCH

title:Lenovo XClarity Controller Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=236402

Trust: 0.6

sources: CNNVD: CNNVD-202304-2274

EXTERNAL IDS

db:NVDid:CVE-2023-29058

Trust: 3.3

db:LENOVOid:LEN-118321

Trust: 2.5

db:JVNDBid:JVNDB-2023-009601

Trust: 0.8

db:CNNVDid:CNNVD-202304-2274

Trust: 0.6

db:VULMONid:CVE-2023-29058

Trust: 0.1

sources: VULMON: CVE-2023-29058 // JVNDB: JVNDB-2023-009601 // CNNVD: CNNVD-202304-2274 // NVD: CVE-2023-29058

REFERENCES

url:https://support.lenovo.com/us/en/product_security/len-118321

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-29058

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-29058/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-29058 // JVNDB: JVNDB-2023-009601 // CNNVD: CNNVD-202304-2274 // NVD: CVE-2023-29058

SOURCES

db:VULMONid:CVE-2023-29058
db:JVNDBid:JVNDB-2023-009601
db:CNNVDid:CNNVD-202304-2274
db:NVDid:CVE-2023-29058

LAST UPDATE DATE

2024-08-14T13:52:32.640000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-29058date:2023-04-28T00:00:00
db:JVNDBid:JVNDB-2023-009601date:2023-12-06T02:46:00
db:CNNVDid:CNNVD-202304-2274date:2023-05-09T00:00:00
db:NVDid:CVE-2023-29058date:2023-05-08T17:27:52.427

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-29058date:2023-04-28T00:00:00
db:JVNDBid:JVNDB-2023-009601date:2023-12-06T00:00:00
db:CNNVDid:CNNVD-202304-2274date:2023-04-28T00:00:00
db:NVDid:CVE-2023-29058date:2023-04-28T21:15:08.750