CVE-2024-8279

Description

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Lenovo / HX1021 Edge Certified Node 3yr (ThinkAgile) XCC0 – 4.11 TEI3E4A
Lenovo / HX1320 Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX1321 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX1331 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX1520-R Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX1521-R Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX2320-E Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX2321 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX2330 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX2331 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX2720-E Appliance (ThinkAgile) XCC0 – 6.36 TEI3F4A
Lenovo / HX3320 Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX3321 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX3330 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX3331 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX3331 Node SAP HANA (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX3375 Appliance (ThinkAgile) XCC0 – 5.61 D8BT64D
Lenovo / HX3376 Certified Node (ThinkAgile) XCC0 – 5.61 D8BT64D
Lenovo / HX3520-G Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX3521-G Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX3720 Appliance (ThinkAgile) XCC0 – 6.36 TEI3F4A
Lenovo / HX3721 Certified Node (ThinkAgile) XCC0 – 6.36 TEI3F4A
Lenovo / HX5520 Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX5520-C Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX5521-C Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX5521 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX5530 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX5531 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX7520 Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX7521 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / HX7530 Appl for SAP HANA (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX7530 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX7531 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX7531 Node SAP HANA (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / HX7820 Appliance (ThinkAgile) XCC0 – 3.11 PSI354A
Lenovo / HX7821 Certified Node (ThinkAgile) XCC0 – 3.11 PSI354A
Lenovo / HX Enclosure Certified Node (ThinkAgile) XCC0 – 6.36 TEI3F4A
Lenovo / MX3330-F All-flash Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / MX3330-H Hybrid Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / MX3331-F All-flash Certified node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / MX3331-H Hybrid Certified node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / MX3530 F All flash Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / MX3530-H Hybrid Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / MX3531-F All-flash Certified node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / MX3531 H Hybrid Certified node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / MX Edge Appliance - MX1020 (ThinkAgile) XCC0 – 4.11 TEI3E4A
Lenovo / P920 Rack Workstation (ThinkStation) XCC0 – 9.97 CDI3B4B
Lenovo / SD530 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SD530 V3 (ThinkSystem) XCC0 – 1.20 USX352
Lenovo / SD550 V3 (ThinkSystem) XCC0 – 1.20 USX352
Lenovo / SD630 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SD650 DWC Dual Node Tray (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SD650-N V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SD650 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SD650 V3 (ThinkSystem) XCC0 – 6.10 USX350G
Lenovo / SD665 V3 (ThinkSystem) XCC0 – 6.10 QGX340J
Lenovo / SE350 (ThinkSystem) XCC0 – 4.11 TEI3E4A
Lenovo / SE350 V2 (ThinkEdge) XCC0 – 3.11 IYX328M
Lenovo / SE360 V2 (ThinkEdge) XCC0 – 3.11 IYX328M
Lenovo / SE450 (ThinkEdge) XCC0 – 3.11 USX332X
Lenovo / SE455 V3 (ThinkEdge) XCC0 – 3.10 MBX308L
Lenovo / SN550 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SN550 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SN850 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SR150 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SR158 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SR250 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SR250 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SR250 V3 (ThinkSystem) XCC0 – 2.10 CTX312G
Lenovo / SR258 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SR258 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SR258 V3 (ThinkSystem) XCC0 – 2.10 CTX312G
Lenovo / SR530 (ThinkSystem) XCC0 – 9.97 CDI3B4B
Lenovo / SR550 (ThinkSystem) XCC0 – 9.97 CDI3B4B
Lenovo / SR570 (ThinkSystem) XCC0 – 9.97 CDI3B4B
Lenovo / SR590 (ThinkSystem) XCC0 – 9.97 CDI3B4B
Lenovo / SR630 (ThinkSystem) XCC0 – 9.97 CDI3B4B
Lenovo / SR630 V2 (ThinkSystem) XCC0 – 4.71 AFBT48C
Lenovo / SR630 V3 (ThinkSystem) XCC0 – 5.10 ESX330M
Lenovo / SR635 V3 (ThinkSystem) XCC0 – 3.20 KAX334O
Lenovo / SR645 (ThinkSystem) XCC0 – 5.61 D8BT64D
Lenovo / SR645 V3 (ThinkSystem) XCC0 – 3.20 KAX334O
Lenovo / SR650 (ThinkSystem) XCC0 – 9.97 CDI3B4B
Lenovo / SR650 V2 (ThinkSystem) XCC0 – 4.71 AFBT48C
Lenovo / SR650 V3 (ThinkSystem) XCC0 – 5.10 ESX330M
Lenovo / SR655 V3 (ThinkSystem) XCC0 – 3.20 KAX334O
Lenovo / SR665 (ThinkSystem) XCC0 – 5.61 D8BT64D
Lenovo / SR665 V3 (ThinkSystem) XCC0 – 3.20 KAX334O
Lenovo / SR670 (ThinkSystem) XCC0 – 4.11 TEI3E4A
Lenovo / SR670 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SR675 V3 (ThinkSystem) XCC0 – 6.10 QGX340J
Lenovo / SR850P (ThinkSystem) XCC0 – 4.11 TEI3E4A
Lenovo / SR850 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SR850 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SR850 V3 (ThinkSystem) XCC0 – 4.10 RSX312I
Lenovo / SR860 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / SR860 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / SR860 V3 (ThinkSystem) XCC0 – 4.10 RSX312I
Lenovo / SR950 (ThinkSystem) XCC0 – 3.11 PSI354A
Lenovo / SR950 V3 (ThinkSystem) XCC0 – 3.10 EBX308I
Lenovo / ST250 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / ST250 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / ST250 V3 (ThinkSystem) XCC0 – 2.10 CTX312G
Lenovo / ST258 (ThinkSystem) XCC0 – 6.36 TEI3F4A
Lenovo / ST258 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / ST258 V3 (ThinkSystem) XCC0 – 2.10 CTX312G
Lenovo / ST550 (ThinkSystem) XCC0 – 9.97 CDI3B4B
Lenovo / ST650 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / ST650 V3 (ThinkSystem) XCC0 – 6.10 USX350G
Lenovo / ST658 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
Lenovo / ST658 V3 (ThinkSystem) XCC0 – 6.10 USX350G
Lenovo / ThinkAgile MX1021 on SE350 XCC0 – 4.11 TEI3E4A
Lenovo / VX1320 (ThinkAgile) XCC0 – 6.36 TEI3F4A
Lenovo / VX 1SE Certified Node (ThinkAgile) XCC0 – 6.36 TEI3F4A
Lenovo / VX2320 (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / VX2330 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / VX 2U4N Certified Node (ThinkAgile) XCC0 – 6.36 TEI3F4A
Lenovo / VX3320 (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / VX3330 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / VX3331 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / VX3520-G (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / VX3530-G Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / VX3720 (ThinkAgile) XCC0 – 6.36 TEI3F4A
Lenovo / VX 4U Certified Node (ThinkAgile) XCC0 – 3.11 PSI354A
Lenovo / VX5520 (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / VX5530 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / VX635 V3 Integrated System (ThinkAgile) XCC0 – 3.20 KAX334O
Lenovo / VX645 V3 Certified Node (ThinkAgile) XCC0 – 3.20 KAX334O
Lenovo / VX645 V3 Integrated System (ThinkAgile) XCC0 – 3.20 KAX334O
Lenovo / VX655 V3 Certified Node (ThinkAgile) XCC0 – 3.20 KAX334O
Lenovo / VX655 V3 Integrated System (ThinkAgile) XCC0 – 3.20 KAX334O
Lenovo / VX665 V3 Certified Node (ThinkAgile) XCC0 – 3.20 KAX334O
Lenovo / VX665 V3 Integrated System (ThinkAgile) XCC0 – 3.20 KAX334O
Lenovo / VX7320 N (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / VX7330 Appliance (Thinkagile) XCC0 – 4.71 AFBT48C
Lenovo / VX7520 N (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / VX7520 (ThinkAgile) XCC0 – 9.97 CDI3B4B
Lenovo / VX7530 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / VX7531 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
Lenovo / VX7820 (ThinkAgile) XCC0 – 3.11 PSI354A

References

MISChttps://support.lenovo.com/us/en/product_security/LEN-172051