What is the vulnerability ID CVE-2020-8355?

CVE-2020-8355 is a vulnerability discovered in Lenovo XClarity Administrator (LXCA) prior to version 3.1.0.

What is the severity level of CVE-2020-8355?

The severity level of CVE-2020-8355 is medium, with a severity value of 4.9.

What is the affected software of CVE-2020-8355?

The affected software of CVE-2020-8355 is Lenovo XClarity Administrator version prior to 3.1.0.

How can I fix CVE-2020-8355?

To fix CVE-2020-8355, users should update Lenovo XClarity Administrator to version 3.1.0 or later.

Vulnerability/
CVE-2020-8355

medium

4.9

CWE

319

10/2/2021

17/9/2024

CVE-2020-8355

Q: How can the Windows OS credentials be captured in CVE-2020-8355?

The Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log.

First published: Wed Feb 10 2021(Updated: )

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
Lenovo XClarity Administrator	<3.1.0

Remedy

Update your LXCA installation to version 3.1.0 or later.

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/us/en/product_security/LEN-50446

Frequently Asked Questions

What is the vulnerability ID CVE-2020-8355?
CVE-2020-8355 is a vulnerability discovered in Lenovo XClarity Administrator (LXCA) prior to version 3.1.0.
What is the severity level of CVE-2020-8355?
The severity level of CVE-2020-8355 is medium, with a severity value of 4.9.
What is the affected software of CVE-2020-8355?
The affected software of CVE-2020-8355 is Lenovo XClarity Administrator version prior to 3.1.0.
How can the Windows OS credentials be captured in CVE-2020-8355?
The Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log.
How can I fix CVE-2020-8355?
To fix CVE-2020-8355, users should update Lenovo XClarity Administrator to version 3.1.0 or later.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/references
agent/severity
agent/remedy
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/lenovo
canonical/lenovo xclarity administrator

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.