Skip to main content

Thinkagile Vx3520 G Firmware

8 CVEs product

Monthly

CVE-2024-2659 HIGH This Week

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nextscale N1200 Enclosure Firmware Thinkagile Cp Cb 10 Firmware Thinkagile Cp Cb 10E Firmware Thinkagile Hx Enclosure Firmware +64
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-4607 HIGH This Week

An authenticated XCC user can change permissions for any user through a crafted API command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx1331 Firmware +119
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-25492 HIGH This Week

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-0683 HIGH This Week

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-29056 MEDIUM This Month

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-25495 MEDIUM This Month

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-29058 MEDIUM This Month

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-29057 HIGH This Week

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.5%
EPSS 1% CVSS 7.2
HIGH This Week

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nextscale N1200 Enclosure Firmware Thinkagile Cp Cb 10 Firmware +66
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An authenticated XCC user can change permissions for any user through a crafted API command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware +121
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware +107
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware +107
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware +107
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware +107
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware +107
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware +107
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy