CVE-2024-8281

Description

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.

CVSS breakdown

Affected products

• Lenovo / HX1021 Edge Certified Node 3yr (ThinkAgile) XCC0 – 4.11 TEI3E4A
• Lenovo / HX1320 Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX1321 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX1331 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX1520-R Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX1521-R Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX2320-E Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX2321 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX2330 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX2331 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX2720-E Appliance (ThinkAgile) XCC0 – 6.36 TEI3F4A
• Lenovo / HX3320 Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX3321 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX3330 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX3331 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX3331 Node SAP HANA (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX3375 Appliance (ThinkAgile) XCC0 – 5.61 D8BT64D
• Lenovo / HX3376 Certified Node (ThinkAgile) XCC0 – 5.61 D8BT64D
• Lenovo / HX3520-G Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX3521-G Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX3720 Appliance (ThinkAgile) XCC0 – 6.36 TEI3F4A
• Lenovo / HX3721 Certified Node (ThinkAgile) XCC0 – 6.36 TEI3F4A
• Lenovo / HX5520 Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX5520-C Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX5521-C Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX5521 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX5530 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX5531 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX7520 Appliance (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX7521 Certified Node (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / HX7530 Appl for SAP HANA (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX7530 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX7531 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX7531 Node SAP HANA (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / HX7820 Appliance (ThinkAgile) XCC0 – 3.11 PSI354A
• Lenovo / HX7821 Certified Node (ThinkAgile) XCC0 – 3.11 PSI354A
• Lenovo / HX Enclosure Certified Node (ThinkAgile) XCC0 – 6.36 TEI3F4A
• Lenovo / MX3330-F All-flash Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / MX3330-H Hybrid Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / MX3331-F All-flash Certified node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / MX3331-H Hybrid Certified node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / MX3530 F All flash Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / MX3530-H Hybrid Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / MX3531-F All-flash Certified node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / MX3531 H Hybrid Certified node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / MX Edge Appliance - MX1020 (ThinkAgile) XCC0 – 4.11 TEI3E4A
• Lenovo / P920 Rack Workstation (ThinkStation) XCC0 – 9.97 CDI3B4B
• Lenovo / SD530 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SD530 V3 (ThinkSystem) XCC0 – 1.20 USX352
• Lenovo / SD550 V3 (ThinkSystem) XCC0 – 1.20 USX352
• Lenovo / SD630 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SD650 DWC Dual Node Tray (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SD650-N V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SD650 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SD650 V3 (ThinkSystem) XCC0 – 6.10 USX350G
• Lenovo / SD665 V3 (ThinkSystem) XCC0 – 6.10 QGX340J
• Lenovo / SE350 (ThinkSystem) XCC0 – 4.11 TEI3E4A
• Lenovo / SE350 V2 (ThinkEdge) XCC0 – 3.11 IYX328M
• Lenovo / SE360 V2 (ThinkEdge) XCC0 – 3.11 IYX328M
• Lenovo / SE450 (ThinkEdge) XCC0 – 3.11 USX332X
• Lenovo / SE455 V3 (ThinkEdge) XCC0 – 3.10 MBX308L
• Lenovo / SN550 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SN550 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SN850 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SR150 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SR158 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SR250 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SR250 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SR250 V3 (ThinkSystem) XCC0 – 2.10 CTX312G
• Lenovo / SR258 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SR258 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SR258 V3 (ThinkSystem) XCC0 – 2.10 CTX312G
• Lenovo / SR530 (ThinkSystem) XCC0 – 9.97 CDI3B4B
• Lenovo / SR550 (ThinkSystem) XCC0 – 9.97 CDI3B4B
• Lenovo / SR570 (ThinkSystem) XCC0 – 9.97 CDI3B4B
• Lenovo / SR590 (ThinkSystem) XCC0 – 9.97 CDI3B4B
• Lenovo / SR630 (ThinkSystem) XCC0 – 9.97 CDI3B4B
• Lenovo / SR630 V2 (ThinkSystem) XCC0 – 4.71 AFBT48C
• Lenovo / SR630 V3 (ThinkSystem) XCC0 – 5.10 ESX330M
• Lenovo / SR635 V3 (ThinkSystem) XCC0 – 3.20 KAX334O
• Lenovo / SR645 (ThinkSystem) XCC0 – 5.61 D8BT64D
• Lenovo / SR645 V3 (ThinkSystem) XCC0 – 3.20 KAX334O
• Lenovo / SR650 (ThinkSystem) XCC0 – 9.97 CDI3B4B
• Lenovo / SR650 V2 (ThinkSystem) XCC0 – 4.71 AFBT48C
• Lenovo / SR650 V3 (ThinkSystem) XCC0 – 5.10 ESX330M
• Lenovo / SR655 V3 (ThinkSystem) XCC0 – 3.20 KAX334O
• Lenovo / SR665 (ThinkSystem) XCC0 – 5.61 D8BT64D
• Lenovo / SR665 V3 (ThinkSystem) XCC0 – 3.20 KAX334O
• Lenovo / SR670 (ThinkSystem) XCC0 – 4.11 TEI3E4A
• Lenovo / SR670 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SR675 V3 (ThinkSystem) XCC0 – 6.10 QGX340J
• Lenovo / SR850P (ThinkSystem) XCC0 – 4.11 TEI3E4A
• Lenovo / SR850 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SR850 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SR850 V3 (ThinkSystem) XCC0 – 4.10 RSX312I
• Lenovo / SR860 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / SR860 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / SR860 V3 (ThinkSystem) XCC0 – 4.10 RSX312I
• Lenovo / SR950 (ThinkSystem) XCC0 – 3.11 PSI354A
• Lenovo / SR950 V3 (ThinkSystem) XCC0 – 3.10 EBX308I
• Lenovo / ST250 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / ST250 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / ST250 V3 (ThinkSystem) XCC0 – 2.10 CTX312G
• Lenovo / ST258 (ThinkSystem) XCC0 – 6.36 TEI3F4A
• Lenovo / ST258 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / ST258 V3 (ThinkSystem) XCC0 – 2.10 CTX312G
• Lenovo / ST550 (ThinkSystem) XCC0 – 9.97 CDI3B4B
• Lenovo / ST650 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / ST650 V3 (ThinkSystem) XCC0 – 6.10 USX350G
• Lenovo / ST658 V2 (ThinkSystem) XCC0 – 4.11 TGBT50C
• Lenovo / ST658 V3 (ThinkSystem) XCC0 – 6.10 USX350G
• Lenovo / ThinkAgile MX1021 on SE350 XCC0 – 4.11 TEI3E4A
• Lenovo / VX1320 (ThinkAgile) XCC0 – 6.36 TEI3F4A
• Lenovo / VX 1SE Certified Node (ThinkAgile) XCC0 – 6.36 TEI3F4A
• Lenovo / VX2320 (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / VX2330 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / VX 2U4N Certified Node (ThinkAgile) XCC0 – 6.36 TEI3F4A
• Lenovo / VX3320 (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / VX3330 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / VX3331 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / VX3520-G (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / VX3530-G Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / VX3720 (ThinkAgile) XCC0 – 6.36 TEI3F4A
• Lenovo / VX 4U Certified Node (ThinkAgile) XCC0 – 3.11 PSI354A
• Lenovo / VX5520 (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / VX5530 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / VX635 V3 Integrated System (ThinkAgile) XCC0 – 3.20 KAX334O
• Lenovo / VX645 V3 Certified Node (ThinkAgile) XCC0 – 3.20 KAX334O
• Lenovo / VX645 V3 Integrated System (ThinkAgile) XCC0 – 3.20 KAX334O
• Lenovo / VX655 V3 Certified Node (ThinkAgile) XCC0 – 3.20 KAX334O
• Lenovo / VX655 V3 Integrated System (ThinkAgile) XCC0 – 3.20 KAX334O
• Lenovo / VX665 V3 Certified Node (ThinkAgile) XCC0 – 3.20 KAX334O
• Lenovo / VX665 V3 Integrated System (ThinkAgile) XCC0 – 3.20 KAX334O
• Lenovo / VX7320 N (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / VX7330 Appliance (Thinkagile) XCC0 – 4.71 AFBT48C
• Lenovo / VX7520 N (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / VX7520 (ThinkAgile) XCC0 – 9.97 CDI3B4B
• Lenovo / VX7530 Appliance (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / VX7531 Certified Node (ThinkAgile) XCC0 – 4.71 AFBT48C
• Lenovo / VX7820 (ThinkAgile) XCC0 – 3.11 PSI354A

References

• MISChttps://support.lenovo.com/us/en/product_security/LEN-172051