Thinkagile Hx5530 Firmware
CVE-2023-29058
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
AnalysisAI
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. Affected products include: Lenovo Thinkagile Hx5530 Firmware, Lenovo Thinkagile Hx7530 Firmware, Lenovo Thinkagile Vx3331 Firmware, Lenovo Thinkagile Hx Enclosure Firmware, Lenovo Thinkagile Hx1021 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
More in Thinkagile Hx5530 Firmware
View allAn authenticated XCC user can change permissions for any user through a crafted API command. Rated high severity (CVSS 8
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API ca
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations.
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted AP
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. Rated
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password u
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today