high
8.8
CWE
20
Advisory Published
Updated

CVE-2023-0683: Input Validation

First published: Mon May 01 2023(Updated: )

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

Credit: psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
lenovo thinkagile hx5530 firmware<2.93_afbt30p
lenovo thinkagile hx5530 firmware
Lenovo ThinkAgile HX7530 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX7530 Firmware
Lenovo ThinkAgile VX3331 Firmware<2.93_afbt30p
Lenovo ThinkAgile VX3331 Firmware
Lenovo ThinkAgile HX Enclosure Firmware<3.72_tei388s
Lenovo ThinkAgile HX Enclosure 7x81
Lenovo ThinkAgile HX1021 EDG Firmware<3.72_tei388s
Lenovo ThinkAgile HX1021 Firmware
Lenovo ThinkAgile HX1320 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX1320 Firmware
Lenovo ThinkAgile HX1321 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX1321 Firmware
Lenovo ThinkAgile HX1331 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX1331 Firmware
Lenovo ThinkAgile HX1520-R Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX1520-R Firmware
Lenovo ThinkAgile HX1521-R<8.88_cdi3a4a
Lenovo ThinkAgile HX1521-R Firmware
Lenovo ThinkAgile HX2320-E Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX2320-E Firmware
lenovo thinkagile hx2321 firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX2321
Lenovo ThinkAgile HX2330 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX2330 Firmware=2.93_afbt30p
Lenovo ThinkAgile HX2330 Firmware
Lenovo ThinkAgile HX2331 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX2331 Firmware
Lenovo ThinkAgile HX2720-E Firmware<3.72_tei388s
Lenovo ThinkAgile HX2720-E Firmware
Lenovo ThinkAgile HX3320 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX3320 Firmware
Lenovo ThinkAgile HX3321 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX3321 Firmware
Lenovo ThinkAgile HX3330 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX3330 Firmware
Lenovo ThinkAgile HX3331 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX3331 Firmware
Lenovo ThinkAgile HX3331 Firmware<4.71_d8bt48p
lenovo thinkagile hx3375 firmware<4.71_d8bt48p
Lenovo ThinkAgile HX3375
Lenovo ThinkAgile HX3376 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX3376 Firmware
Lenovo ThinkAgile HX3520-G Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX3520-G
Lenovo ThinkAgile HX3521-G Firmware<3.72_tei388s
Lenovo ThinkAgile HX3521-G Firmware
Lenovo ThinkAgile HX3720 Firmware<3.72_tei388s
Lenovo ThinkAgile HX3720 Firmware
Lenovo ThinkAgile HX3721 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX3721 Firmware
Lenovo ThinkAgile HX5520 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX5520-C
Lenovo ThinkAgile HX5520-C Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX5520
Lenovo ThinkAgile HX5521-C Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX5521 Firmware
Lenovo ThinkAgile HX5521 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX5521
Lenovo ThinkAgile HX5531 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX5531 Firmware
lenovo thinkagile hx7520 firmware<8.88_cdi3a4a
Lenovo ThinkAgile HX7520
Lenovo ThinkAgile HX7521 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX7521 Firmware
Lenovo ThinkAgile HX7531 Firmware<2.93_afbt30p
Lenovo ThinkAgile HX7531 Firmware
Lenovo ThinkAgile HX7531 Firmware<2.75_psi348s
Lenovo ThinkAgile HX7820 Firmware<2.75_psi348s
Lenovo ThinkAgile HX7820 Firmware
Lenovo ThinkAgile HX7821 Firmware<3.72_tei388s
Lenovo ThinkAgile HX7821
Lenovo ThinkAgile MX Edge - MX1020 Firmware<2.93_afbt30p
Lenovo ThinkAgile MX Edge - MX1020
Lenovo ThinkAgile MX3330-F Firmware<2.93_afbt30p
Lenovo ThinkAgile MX3330-F Firmware
Lenovo ThinkAgile MX3330-H Firmware<2.93_afbt30p
Lenovo ThinkAgile MX3330-H Firmware
Lenovo ThinkAgile MX3331-F Firmware<2.93_afbt30p
Lenovo ThinkAgile MX3331-F All-Flash
Lenovo ThinkAgile MX3331-H Firmware<2.93_afbt30p
Lenovo ThinkAgile MX3331-H Firmware
Lenovo ThinkAgile MX3530 F Firmware<2.93_afbt30p
Lenovo ThinkAgile MX3530 F Firmware
Lenovo ThinkAgile MX3530-H Firmware<2.93_afbt30p
Lenovo ThinkAgile MX3530-H Firmware
Lenovo ThinkAgile MX3531 H Firmware<2.93_afbt30p
Lenovo ThinkAgile MX3531 H Hybrid
Lenovo ThinkAgile MX3531-F<3.72_tei388s
Lenovo ThinkAgile MX3531-F All-Flash
lenovo thinkagile mx1021 firmware<3.72_tei388s
Lenovo ThinkAgile MX1021
Lenovo ThinkAgile VX 1SE Firmware<3.72_tei388s
Lenovo ThinkAgile VX 1SE Firmware
Lenovo ThinkAgile VX 2U4N Firmware<3.72_tei388s
Lenovo ThinkAgile VX 2U4N Firmware
Lenovo ThinkAgile VX 4U Firmware<2.75_psi348s
Lenovo ThinkAgile VX 4U Firmware
Lenovo ThinkAgile Vx1320 Firmware<3.72_tei388s
Lenovo ThinkAgile Vx1320 Firmware
Lenovo ThinkAgile Vx2320 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile Vx2320 Firmware
Lenovo ThinkAgile VX2330 Firmware<2.93_afbt30p
Lenovo ThinkAgile VX2330
Lenovo ThinkAgile Vx3320 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile Vx3320 Firmware
Lenovo ThinkAgile VX3330 Firmware<2.93_afbt30p
Lenovo ThinkAgile VX3330 Firmware
Lenovo ThinkAgile Vx3520-G Firmware<8.88_cdi3a4a
Lenovo ThinkAgile Vx3520-G Firmware
lenovo thinkagile vx3530-g firmware<2.93_afbt30p
Lenovo ThinkAgile VX3530-G
Lenovo ThinkAgile VX3720 Firmware<3.72_tei388s
Lenovo ThinkAgile VX3720 Firmware
Lenovo ThinkAgile VX5520 Firmware<8.88_cdi3a4a
Lenovo ThinkAgile VX5520 Firmware
Lenovo ThinkAgile VX5530 Firmware<2.93_afbt30p
Lenovo ThinkAgile VX5530 Firmware
Lenovo ThinkAgile VX7320 N Firmware<8.88_cdi3a4a
Lenovo ThinkAgile VX7320 N
Lenovo ThinkAgile VX7330 Firmware<2.93_afbt30p
Lenovo ThinkAgile VX7330 Firmware
Lenovo ThinkAgile Vx7520 N Firmware<8.88_cdi3a4a
Lenovo ThinkAgile VX7520
Lenovo ThinkAgile Vx7520 N Firmware<8.88_cdi3a4a
Lenovo ThinkAgile VX7520
Lenovo ThinkAgile VX7530<2.93_afbt30p
Lenovo ThinkAgile VX7530
lenovo thinkagile vx7531 firmware<2.93_afbt30p
lenovo thinkagile vx7531 firmware
Lenovo ThinkAgile VX7820 Firmware<2.75_psi348s
Lenovo ThinkAgile VX7820
Lenovo ThinkEdge SE450 Firmware<1.60_usx324o
Lenovo ThinkEdge SE450 Firmware
Lenovo ThinkStation P920 Firmware<8.88_cdi3a4a
Lenovo ThinkStation P920
Lenovo ThinkSystem SD530<3.72_tei388s
Lenovo ThinkSystem SD530 Firmware
Lenovo ThinkSystem SD630 V2<2.60_tgbt42h
Lenovo ThinkSystem SD630 V2 Firmware
Lenovo ThinkSystem SD650 Firmware<3.72_tei388s
Lenovo ThinkSystem SD650
Lenovo ThinkSystem SD650-N V2 Firmware<2.60_tgbt42h
Lenovo ThinkSystem SD650 V2 Firmware
Lenovo ThinkSystem SD650-N V2 Firmware<2.60_tgbt42h
Lenovo ThinkSystem SD650-N V2 Firmware
Lenovo ThinkSystem SE350 Firmware<3.72_tei388s
Lenovo ThinkSystem SE350
Lenovo ThinkSystem SN550 V2 Firmware<3.72_tei388s
Lenovo ThinkSystem SN550 Firmware
Lenovo ThinkSystem SN550 V2 Firmware<2.60_tgbt42h
Lenovo ThinkSystem SN550 V2 Firmware
lenovo thinksystem sn850 firmware<3.72_tei388s
Lenovo ThinkSystem SN850
Lenovo ThinkSystem SR150 Firmware<3.72_tei388s
Lenovo ThinkSystem SR150
Lenovo ThinkSystem SR158 Firmware<3.72_tei388s
Lenovo ThinkSystem SR158 Firmware
Lenovo ThinkSystem SR250 Firmware<3.72_tei388s
Lenovo ThinkSystem SR250 V2
Lenovo ThinkSystem SR250 V2 Firmware<2.60_tgbt42h
Lenovo ThinkSystem SR250 V2 Firmware
Lenovo ThinkSystem SR258 Firmware<3.72_tei388s
Lenovo ThinkSystem SR258 V2
lenovo thinksystem sr258 v2 firmware<2.60_tgbt42h
Lenovo ThinkSystem SR258 V2
Lenovo ThinkSystem SR530 Firmware<8.88_cdi3a4a
Lenovo ThinkSystem SR530
Lenovo ThinkSystem SR550 Firmware<8.88_cdi3a4a
Lenovo ThinkSystem SR550
Lenovo ThinkSystem SR570 Firmware<8.88_cdi3a4a
Lenovo ThinkSystem SR570
Lenovo ThinkSystem SR590 Firmware<8.88_cdi3a4a
Lenovo ThinkSystem SR590
Lenovo ThinkSystem SR630 Firmware<8.88_cdi3a4a
Lenovo ThinkSystem SR630 Firmware
Lenovo ThinkSystem SR630 V2<2.93_afbt30p
Lenovo ThinkSystem SR630 V2 Firmware
Lenovo ThinkSystem SR645 Firmware<4.71_d8bt48p
Lenovo ThinkSystem SR645 Firmware
Lenovo ThinkSystem SR645 Firmware<4.71_d8bt48p
Lenovo ThinkSystem SR645 V3 Firmware
Lenovo ThinkSystem SR650 Firmware<8.88_cdi3a4a
Lenovo ThinkSystem SR650 V2
Lenovo ThinkSystem SR650 Firmware<2.93_afbt30p
Lenovo ThinkSystem SR650 V2 Firmware
Lenovo ThinkSystem SR665 Firmware<4.71_d8bt48p
Lenovo ThinkSystem SR665
Lenovo ThinkSystem SD665 V3 Firmware<4.71_d8bt48p
Lenovo ThinkSystem SR665 V3 Firmware
Lenovo ThinkSystem SR670 V2<3.72_tei388s
Lenovo ThinkSystem SR670 V2
Lenovo ThinkSystem SR670 V2<2.60_tgbt42h
Lenovo ThinkSystem SR670
Lenovo ThinkSystem SR850 V3 Firmware<3.72_tei388s
Lenovo ThinkSystem SR850P
Lenovo ThinkSystem SR850 V2 Firmware<2.60_tgbt42h
Lenovo ThinkSystem SR850 V2 Firmware
Lenovo ThinkSystem SR850P Firmware<3.72_tei388s
Lenovo ThinkSystem SR850P
Lenovo ThinkSystem SR860 Firmware<3.72_tei388s
Lenovo ThinkSystem SR860 Firmware
Lenovo ThinkSystem SR860 V2 Firmware<2.60_tgbt42h
Lenovo ThinkSystem SR860 V2 Firmware
Lenovo ThinkSystem SR950 Firmware<2.75_psi348s
Lenovo ThinkSystem SR950 Firmware
Lenovo ThinkSystem ST250 Firmware<3.72_tei388s
Lenovo ThinkSystem ST250 V2
lenovo thinksystem st250 v2 firmware<2.60_tgbt42h
Lenovo ThinkSystem ST250 V2
Lenovo ThinkSystem ST258 Firmware<3.72_tei388s
Lenovo ThinkSystem ST258 Firmware
Lenovo ThinkSystem ST258 Firmware<2.60_tgbt42h
Lenovo ThinkSystem ST258 Firmware
Lenovo ThinkSystem ST550 Firmware<8.88_cdi3a4a
Lenovo ThinkSystem ST550 Firmware
Lenovo ThinkSystem ST650 V2<2.60_tgbt42h
Lenovo ThinkSystem ST650 V2 Firmware
Lenovo ThinkSystem ST658 V2<2.60_tgbt42h
Lenovo ThinkSystem ST658 V2 Firmware

Remedy

Customers should update to the version (or later) of Lenovo XClarity Controller (XCC) identified in the related Lenovo Product Security Advisory: https://support.lenovo.com/us/en/product_security/LEN-99936 https://support.lenovo.com/us/en/product_security/LEN-99936

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2023-0683?

    CVE-2023-0683 is classified as a high severity vulnerability that allows authenticated users to gain elevated privileges.

  • How do I fix CVE-2023-0683?

    To fix CVE-2023-0683, update to the latest firmware version that addresses this vulnerability as recommended by Lenovo.

  • What systems are affected by CVE-2023-0683?

    CVE-2023-0683 affects multiple Lenovo ThinkAgile systems with specific firmware versions, including HX5530, HX7530, and others around version 2.93_afbt30p.

  • Can an unauthenticated user exploit CVE-2023-0683?

    No, CVE-2023-0683 requires an authenticated user with read-only access to exploit the vulnerability.

  • What type of attack is CVE-2023-0683 associated with?

    CVE-2023-0683 is associated with privilege escalation attacks through crafted API calls.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203