CVE-2023-25492 | ByteOS Network

Vulnerability Details :

CVE-2023-25492

Assigner-lenovo

Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b

Published At-01 May, 2023 | 14:11

Updated At-30 Jan, 2025 | 15:53

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:lenovo

Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b

Published At:01 May, 2023 | 14:11

Updated At:30 Jan, 2025 | 15:53

▼CVE Numbering Authority (CNA)

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

Affected Products

Vendor

Lenovo Group Limited

Product

XClarity Controller

Default Status

unaffected

Versions

Affected

See product security advisory below

Problem Types

Type	CWE ID	Description
CWE	CWE-134	CWE-134 Use of Externally-Controlled Format String

Type: CWE

CWE ID: CWE-134

Description: CWE-134 Use of Externally-Controlled Format String

Metrics

Version	Base score	Base severity	Vector
3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Solutions

Customers should update to the version (or later) of Lenovo XClarity Controller (XCC) identified in the related Lenovo Product Security Advisory: https://support.lenovo.com/us/en/product_security/LEN-99936 https://support.lenovo.com/us/en/product_security/LEN-99936

References

Hyperlink	Resource
https://support.lenovo.com/us/en/product_security/LEN-99936	N/A

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-99936

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://support.lenovo.com/us/en/product_security/LEN-99936	x_transferred

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-99936

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:psirt@lenovo.com

Published At:01 May, 2023 | 15:15

Updated At:10 May, 2023 | 13:37

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CPE Matches

Lenovo Group Limited

>>thinkagile_hx5530>>-

cpe:2.3:h:lenovo:thinkagile_hx5530:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5530_firmware>>Versions before 2.93_afbt30p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx5530_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx7530>>-

cpe:2.3:h:lenovo:thinkagile_hx7530:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx7530_firmware>>Versions before 2.93_afbt30p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_vx3331>>-

cpe:2.3:h:lenovo:thinkagile_vx3331:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_vx3331_firmware>>Versions before 2.93_afbt30p(exclusive)

cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx_enclosure>>-

cpe:2.3:h:lenovo:thinkagile_hx_enclosure:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx_enclosure_firmware>>Versions before 3.72_tei388s(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx_enclosure_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1021>>-

cpe:2.3:h:lenovo:thinkagile_hx1021:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1021_firmware>>Versions before 3.72_tei388s(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1021_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1320>>-

cpe:2.3:h:lenovo:thinkagile_hx1320:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1320_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1320_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1321>>-

cpe:2.3:h:lenovo:thinkagile_hx1321:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1321_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1321_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1331>>-

cpe:2.3:h:lenovo:thinkagile_hx1331:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1331_firmware>>Versions before 2.93_afbt30p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1520-r>>-

cpe:2.3:h:lenovo:thinkagile_hx1520-r:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1520-r_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1520-r_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1521-r_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1521-r_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1521-r>>-

cpe:2.3:h:lenovo:thinkagile_hx1521-r:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2320-e_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx2320-e_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2320-e>>-

cpe:2.3:h:lenovo:thinkagile_hx2320-e:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2321_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx2321_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2321>>-

cpe:2.3:h:lenovo:thinkagile_hx2321:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2330_firmware>>Versions before 2.93_afbt30p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2330_firmware>>2.93_afbt30p

cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:2.93_afbt30p:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2330>>-

cpe:2.3:h:lenovo:thinkagile_hx2330:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2331_firmware>>Versions before 2.93_afbt30p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx2331_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2331>>-

cpe:2.3:h:lenovo:thinkagile_hx2331:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2720-e_firmware>>Versions before 3.72_tei388s(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx2720-e_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2720-e>>-

cpe:2.3:h:lenovo:thinkagile_hx2720-e:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3320_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3320_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3320>>-

cpe:2.3:h:lenovo:thinkagile_hx3320:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3321_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3321_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3321>>-

cpe:2.3:h:lenovo:thinkagile_hx3321:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3330_firmware>>Versions before 2.93_afbt30p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3330_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3330>>-

cpe:2.3:h:lenovo:thinkagile_hx3330:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3331_firmware>>Versions before 2.93_afbt30p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3331_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3331>>-

cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3331_firmware>>Versions before 4.71_d8bt48p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3331_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3331>>-

cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3375_firmware>>Versions before 4.71_d8bt48p(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3375_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3375>>-

cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3376_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3376>>-

cpe:2.3:h:lenovo:thinkagile_hx3376:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3520-g_firmware>>Versions before 8.88_cdi3a4a(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3520-g_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3520-g>>-

cpe:2.3:h:lenovo:thinkagile_hx3520-g:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3521-g_firmware>>Versions before 3.72_tei388s(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3521-g_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3521-g>>-

cpe:2.3:h:lenovo:thinkagile_hx3521-g:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3720_firmware>>Versions before 3.72_tei388s(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3720_firmware:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-134	Primary	nvd@nist.gov
CWE-134	Secondary	psirt@lenovo.com

CWE ID: CWE-134

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-134

Type: Secondary

Source: psirt@lenovo.com

References

Hyperlink	Source	Resource
https://support.lenovo.com/us/en/product_security/LEN-99936	psirt@lenovo.com	Vendor Advisory

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-99936

Source: psirt@lenovo.com

Resource:

Vendor Advisory