What is the severity of CVE-2023-25492?

CVE-2023-25492 is reported to have a severity that can lead to denial of service or undefined behavior for authenticated users.

How do I fix CVE-2023-25492?

To mitigate CVE-2023-25492, users should update to versions of affected firmware beyond 2.93_afbt30p or 3.72_tei388s, depending on the model.

Which Lenovo ThinkAgile models are affected by CVE-2023-25492?

The CVE-2023-25492 vulnerability primarily affects specific firmware versions of Lenovo ThinkAgile models including HX5530, HX7530, and others.

Can CVE-2023-25492 be exploited without authentication?

No, CVE-2023-25492 requires a valid authenticated user to exploit the vulnerability.

What behavior can be triggered by CVE-2023-25492?

CVE-2023-25492 can lead to a denial of service of the XCC web user interface or cause other undefined behavior.

Vulnerability/
CVE-2023-25492

high

8.8

CWE

134

1/5/2023

30/1/2025

CVE-2023-25492

First published: Mon May 01 2023(Updated: )

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
lenovo thinkagile hx5530 firmware	<2.93_afbt30p
lenovo thinkagile hx5530 firmware
Lenovo ThinkAgile HX7530 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX7530 Firmware
Lenovo ThinkAgile VX3331 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX3331 Firmware
Lenovo ThinkAgile HX Enclosure Firmware	<3.72_tei388s
Lenovo ThinkAgile HX Enclosure 7x81
Lenovo ThinkAgile HX1021 EDG Firmware	<3.72_tei388s
Lenovo ThinkAgile HX1021 Firmware
Lenovo ThinkAgile HX1320 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX1320 Firmware
Lenovo ThinkAgile HX1321 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX1321 Firmware
Lenovo ThinkAgile HX1331 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX1331 Firmware
Lenovo ThinkAgile HX1520-R Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX1520-R Firmware
Lenovo ThinkAgile HX1521-R	<8.88_cdi3a4a
Lenovo ThinkAgile HX1521-R Firmware
Lenovo ThinkAgile HX2320-E Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX2320-E Firmware
lenovo thinkagile hx2321 firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX2321
Lenovo ThinkAgile HX2330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX2330 Firmware	=2.93_afbt30p
Lenovo ThinkAgile HX2330 Firmware
Lenovo ThinkAgile HX2331 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX2331 Firmware
Lenovo ThinkAgile HX2720-E Firmware	<3.72_tei388s
Lenovo ThinkAgile HX2720-E Firmware
Lenovo ThinkAgile HX3320 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3320 Firmware
Lenovo ThinkAgile HX3321 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3321 Firmware
Lenovo ThinkAgile HX3330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX3330 Firmware
Lenovo ThinkAgile HX3331 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX3331 Firmware
Lenovo ThinkAgile HX3331 Firmware	<4.71_d8bt48p
lenovo thinkagile hx3375 firmware	<4.71_d8bt48p
Lenovo ThinkAgile HX3375
Lenovo ThinkAgile HX3376 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3376 Firmware
Lenovo ThinkAgile HX3520-G Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3520-G
Lenovo ThinkAgile HX3521-G Firmware	<3.72_tei388s
Lenovo ThinkAgile HX3521-G Firmware
Lenovo ThinkAgile HX3720 Firmware	<3.72_tei388s
Lenovo ThinkAgile HX3720 Firmware
Lenovo ThinkAgile HX3721 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX3721 Firmware
Lenovo ThinkAgile HX5520 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX5520-C
Lenovo ThinkAgile HX5520-C Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX5520
Lenovo ThinkAgile HX5521-C Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX5521 Firmware
Lenovo ThinkAgile HX5521 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX5521
Lenovo ThinkAgile HX5531 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX5531 Firmware
lenovo thinkagile hx7520 firmware	<8.88_cdi3a4a
Lenovo ThinkAgile HX7520
Lenovo ThinkAgile HX7521 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX7521 Firmware
Lenovo ThinkAgile HX7531 Firmware	<2.93_afbt30p
Lenovo ThinkAgile HX7531 Firmware
Lenovo ThinkAgile HX7531 Firmware	<2.75_psi348s
Lenovo ThinkAgile HX7820 Firmware	<2.75_psi348s
Lenovo ThinkAgile HX7820 Firmware
Lenovo ThinkAgile HX7821 Firmware	<3.72_tei388s
Lenovo ThinkAgile HX7821
Lenovo ThinkAgile MX Edge - MX1020 Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX Edge - MX1020
Lenovo ThinkAgile MX3330-F Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3330-F Firmware
Lenovo ThinkAgile MX3330-H Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3330-H Firmware
Lenovo ThinkAgile MX3331-F Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3331-F All-Flash
Lenovo ThinkAgile MX3331-H Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3331-H Firmware
Lenovo ThinkAgile MX3530 F Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3530 F Firmware
Lenovo ThinkAgile MX3530-H Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3530-H Firmware
Lenovo ThinkAgile MX3531 H Firmware	<2.93_afbt30p
Lenovo ThinkAgile MX3531 H Hybrid
Lenovo ThinkAgile MX3531-F	<3.72_tei388s
Lenovo ThinkAgile MX3531-F All-Flash
lenovo thinkagile mx1021 firmware	<3.72_tei388s
Lenovo ThinkAgile MX1021
Lenovo ThinkAgile VX 1SE Firmware	<3.72_tei388s
Lenovo ThinkAgile VX 1SE Firmware
Lenovo ThinkAgile VX 2U4N Firmware	<3.72_tei388s
Lenovo ThinkAgile VX 2U4N Firmware
Lenovo ThinkAgile VX 4U Firmware	<2.75_psi348s
Lenovo ThinkAgile VX 4U Firmware
Lenovo ThinkAgile Vx1320 Firmware	<3.72_tei388s
Lenovo ThinkAgile Vx1320 Firmware
Lenovo ThinkAgile Vx2320 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile Vx2320 Firmware
Lenovo ThinkAgile VX2330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX2330
Lenovo ThinkAgile Vx3320 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile Vx3320 Firmware
Lenovo ThinkAgile VX3330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX3330 Firmware
Lenovo ThinkAgile Vx3520-G Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile Vx3520-G Firmware
lenovo thinkagile vx3530-g firmware	<2.93_afbt30p
Lenovo ThinkAgile VX3530-G
Lenovo ThinkAgile VX3720 Firmware	<3.72_tei388s
Lenovo ThinkAgile VX3720 Firmware
Lenovo ThinkAgile VX5520 Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile VX5520 Firmware
Lenovo ThinkAgile VX5530 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX5530 Firmware
Lenovo ThinkAgile VX7320 N Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile VX7320 N
Lenovo ThinkAgile VX7330 Firmware	<2.93_afbt30p
Lenovo ThinkAgile VX7330 Firmware
Lenovo ThinkAgile Vx7520 N Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile VX7520
Lenovo ThinkAgile Vx7520 N Firmware	<8.88_cdi3a4a
Lenovo ThinkAgile VX7520
Lenovo ThinkAgile VX7530	<2.93_afbt30p
Lenovo ThinkAgile VX7530
lenovo thinkagile vx7531 firmware	<2.93_afbt30p
lenovo thinkagile vx7531 firmware
Lenovo ThinkAgile VX7820 Firmware	<2.75_psi348s
Lenovo ThinkAgile VX7820
Lenovo ThinkEdge SE450 Firmware	<1.60_usx324o
Lenovo ThinkEdge SE450 Firmware
Lenovo ThinkStation P920 Firmware	<8.88_cdi3a4a
Lenovo ThinkStation P920
Lenovo ThinkSystem SD530	<3.72_tei388s
Lenovo ThinkSystem SD530 Firmware
Lenovo ThinkSystem SD630 V2	<2.60_tgbt42h
Lenovo ThinkSystem SD630 V2 Firmware
Lenovo ThinkSystem SD650 Firmware	<3.72_tei388s
Lenovo ThinkSystem SD650
Lenovo ThinkSystem SD650-N V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SD650 V2 Firmware
Lenovo ThinkSystem SD650-N V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SD650-N V2 Firmware
Lenovo ThinkSystem SE350 Firmware	<3.72_tei388s
Lenovo ThinkSystem SE350
Lenovo ThinkSystem SN550 V2 Firmware	<3.72_tei388s
Lenovo ThinkSystem SN550 Firmware
Lenovo ThinkSystem SN550 V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SN550 V2 Firmware
lenovo thinksystem sn850 firmware	<3.72_tei388s
Lenovo ThinkSystem SN850
Lenovo ThinkSystem SR150 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR150
Lenovo ThinkSystem SR158 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR158 Firmware
Lenovo ThinkSystem SR250 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR250 V2
Lenovo ThinkSystem SR250 V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SR250 V2 Firmware
Lenovo ThinkSystem SR258 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR258 V2
lenovo thinksystem sr258 v2 firmware	<2.60_tgbt42h
Lenovo ThinkSystem SR258 V2
Lenovo ThinkSystem SR530 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR530
Lenovo ThinkSystem SR550 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR550
Lenovo ThinkSystem SR570 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR570
Lenovo ThinkSystem SR590 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR590
Lenovo ThinkSystem SR630 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR630 Firmware
Lenovo ThinkSystem SR630 V2	<2.93_afbt30p
Lenovo ThinkSystem SR630 V2 Firmware
Lenovo ThinkSystem SR645 Firmware	<4.71_d8bt48p
Lenovo ThinkSystem SR645 Firmware
Lenovo ThinkSystem SR645 Firmware	<4.71_d8bt48p
Lenovo ThinkSystem SR645 V3 Firmware
Lenovo ThinkSystem SR650 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem SR650 V2
Lenovo ThinkSystem SR650 Firmware	<2.93_afbt30p
Lenovo ThinkSystem SR650 V2 Firmware
Lenovo ThinkSystem SR665 Firmware	<4.71_d8bt48p
Lenovo ThinkSystem SR665
Lenovo ThinkSystem SD665 V3 Firmware	<4.71_d8bt48p
Lenovo ThinkSystem SR665 V3 Firmware
Lenovo ThinkSystem SR670 V2	<3.72_tei388s
Lenovo ThinkSystem SR670 V2
Lenovo ThinkSystem SR670 V2	<2.60_tgbt42h
Lenovo ThinkSystem SR670
Lenovo ThinkSystem SR850 V3 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR850P
Lenovo ThinkSystem SR850 V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SR850 V2 Firmware
Lenovo ThinkSystem SR850P Firmware	<3.72_tei388s
Lenovo ThinkSystem SR850P
Lenovo ThinkSystem SR860 Firmware	<3.72_tei388s
Lenovo ThinkSystem SR860 Firmware
Lenovo ThinkSystem SR860 V2 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem SR860 V2 Firmware
Lenovo ThinkSystem SR950 Firmware	<2.75_psi348s
Lenovo ThinkSystem SR950 Firmware
Lenovo ThinkSystem ST250 Firmware	<3.72_tei388s
Lenovo ThinkSystem ST250 V2
lenovo thinksystem st250 v2 firmware	<2.60_tgbt42h
Lenovo ThinkSystem ST250 V2
Lenovo ThinkSystem ST258 Firmware	<3.72_tei388s
Lenovo ThinkSystem ST258 Firmware
Lenovo ThinkSystem ST258 Firmware	<2.60_tgbt42h
Lenovo ThinkSystem ST258 Firmware
Lenovo ThinkSystem ST550 Firmware	<8.88_cdi3a4a
Lenovo ThinkSystem ST550 Firmware
Lenovo ThinkSystem ST650 V2	<2.60_tgbt42h
Lenovo ThinkSystem ST650 V2 Firmware
Lenovo ThinkSystem ST658 V2	<2.60_tgbt42h
Lenovo ThinkSystem ST658 V2 Firmware

Remedy

Customers should update to the version (or later) of Lenovo XClarity Controller (XCC) identified in the related Lenovo Product Security Advisory: https://support.lenovo.com/us/en/product_security/LEN-99936 https://support.lenovo.com/us/en/product_security/LEN-99936

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/us/en/product_security/LEN-99936

Frequently Asked Questions

What is the severity of CVE-2023-25492?
CVE-2023-25492 is reported to have a severity that can lead to denial of service or undefined behavior for authenticated users.
How do I fix CVE-2023-25492?
To mitigate CVE-2023-25492, users should update to versions of affected firmware beyond 2.93_afbt30p or 3.72_tei388s, depending on the model.
Which Lenovo ThinkAgile models are affected by CVE-2023-25492?
The CVE-2023-25492 vulnerability primarily affects specific firmware versions of Lenovo ThinkAgile models including HX5530, HX7530, and others.
Can CVE-2023-25492 be exploited without authentication?
No, CVE-2023-25492 requires a valid authenticated user to exploit the vulnerability.
What behavior can be triggered by CVE-2023-25492?
CVE-2023-25492 can lead to a denial of service of the XCC web user interface or cause other undefined behavior.