CVE-2023-29058

First published: Fri Apr 28 2023(Updated: )

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
	<2.93_afbt30p

	<2.93_afbt30p

	<2.93_afbt30p

	<3.72_tei388s

	<3.72_tei388s

	<8.88_cdi3a4a
Lenovo Thinkagile Hx1320
	<8.88_cdi3a4a
Lenovo Thinkagile Hx1321
	<2.93_afbt30p

	<8.88_cdi3a4a
Lenovo Thinkagile Hx1520-r
	<8.88_cdi3a4a
Lenovo Thinkagile Hx1521-r
	<8.88_cdi3a4a
Lenovo Thinkagile Hx2320-e
	<8.88_cdi3a4a
Lenovo Thinkagile Hx2321
	<2.93_afbt30p
	=2.93_afbt30p

	<2.93_afbt30p

	<3.72_tei388s

	<8.88_cdi3a4a
Lenovo Thinkagile Hx3320
	<8.88_cdi3a4a
Lenovo Thinkagile Hx3321
	<2.93_afbt30p

	<2.93_afbt30p

	<4.71_d8bt48p
	<4.71_d8bt48p
Lenovo Thinkagile Hx3375
	<8.88_cdi3a4a
Lenovo Thinkagile Hx3376
	<8.88_cdi3a4a
Lenovo Thinkagile Hx3520-g
	<3.72_tei388s
Lenovo Thinkagile Hx3521-g
	<3.72_tei388s
Lenovo Thinkagile Hx3720
	<8.88_cdi3a4a

	<8.88_cdi3a4a
Lenovo Thinkagile Hx5520
	<8.88_cdi3a4a
Lenovo Thinkagile Hx5520-c
	<8.88_cdi3a4a
Lenovo Thinkagile Hx5521
	<2.93_afbt30p
Lenovo Thinkagile Hx5521-c
	<8.88_cdi3a4a

	<8.88_cdi3a4a
Lenovo Thinkagile Hx7520
	<2.93_afbt30p
Lenovo Thinkagile Hx7521
	<2.93_afbt30p

	<2.75_psi348s
	<2.75_psi348s
Lenovo Thinkagile Hx7820
	<3.72_tei388s
Lenovo Thinkagile Hx7821
	<2.93_afbt30p
Lenovo Thinkagile Mx1020
	<2.93_afbt30p

	<2.93_afbt30p

	<2.93_afbt30p

	<2.93_afbt30p

	<2.93_afbt30p

	<2.93_afbt30p

	<2.93_afbt30p

	<3.72_tei388s

	<3.72_tei388s

	<3.72_tei388s

	<3.72_tei388s

	<2.75_psi348s

	<3.72_tei388s

	<8.88_cdi3a4a
Lenovo Thinkagile Vx2320
	<2.93_afbt30p

	<8.88_cdi3a4a
Lenovo Thinkagile Vx3320
	<2.93_afbt30p

	<8.88_cdi3a4a
Lenovo Thinkagile Vx3520-g
	<2.93_afbt30p

	<3.72_tei388s

	<8.88_cdi3a4a
Lenovo Thinkagile Vx5520
	<2.93_afbt30p

	<8.88_cdi3a4a
Lenovo Thinkagile Vx7320 N
	<2.93_afbt30p

	<8.88_cdi3a4a
Lenovo Thinkagile Vx7520
	<8.88_cdi3a4a
Lenovo Thinkagile Vx7520 N
	<2.93_afbt30p

	<2.93_afbt30p

	<2.75_psi348s

	<1.60_usx324o

Lenovo Thinkstation P920 Firmware	<8.88_cdi3a4a
Lenovo Thinkstation P920
	<3.72_tei388s
Lenovo Thinksystem Sd530
	<2.60_tgbt42h

	<3.72_tei388s
Lenovo Thinksystem Sd650
	<2.60_tgbt42h

	<2.60_tgbt42h

	<3.72_tei388s
Lenovo Thinksystem Se350
	<3.72_tei388s
Lenovo Thinksystem Sn550
	<2.60_tgbt42h

	<3.72_tei388s
Lenovo Thinksystem Sn850
	<3.72_tei388s
Lenovo Thinksystem Sr150
	<3.72_tei388s
Lenovo Thinksystem Sr158
	<3.72_tei388s
Lenovo Thinksystem Sr250
	<2.60_tgbt42h

	<3.72_tei388s
Lenovo Thinksystem Sr258
	<2.60_tgbt42h

	<8.88_cdi3a4a
Lenovo Thinksystem Sr530
	<8.88_cdi3a4a
Lenovo Thinksystem Sr550
	<8.88_cdi3a4a
Lenovo Thinksystem Sr570
	<8.88_cdi3a4a
Lenovo Thinksystem Sr590
Lenovo Thinksystem Sr630 Firmware	<8.88_cdi3a4a
Lenovo Thinksystem Sr630
	<2.93_afbt30p

	<4.71_d8bt48p
Lenovo Thinksystem Sr645
	<4.71_d8bt48p

	<8.88_cdi3a4a
Lenovo Thinksystem Sr650
	<2.93_afbt30p

	<4.71_d8bt48p
Lenovo Thinksystem Sr665
	<4.71_d8bt48p

	<3.72_tei388s
Lenovo Thinksystem Sr670
	<2.60_tgbt42h

	<3.72_tei388s
Lenovo Thinksystem Sr850
	<2.60_tgbt42h

	<3.72_tei388s
Lenovo Thinksystem Sr850p
	<3.72_tei388s
Lenovo Thinksystem Sr860
	<2.60_tgbt42h

	<2.75_psi348s
Lenovo Thinksystem Sr950
	<3.72_tei388s
Lenovo Thinksystem St250
	<2.60_tgbt42h

	<3.72_tei388s
Lenovo Thinksystem St258
	<2.60_tgbt42h

	<8.88_cdi3a4a
Lenovo Thinksystem St550
	<2.60_tgbt42h

	<2.60_tgbt42h

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/us/en/product_security/LEN-118321

CVE-2023-29058

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact