First published: Tue Oct 24 2023(Updated: )
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Thinkagile Hx5530 Firmware | ||
Lenovo Thinkagile Hx5530 | ||
Lenovo Thinkagile Hx7530 Firmware | ||
Lenovo Thinkagile Hx7530 | ||
Lenovo Thinkagile Vx3331 Firmware | ||
Lenovo Thinkagile Vx3331 | ||
Lenovo Thinkagile Hx1331 Firmware | ||
Lenovo Thinkagile Hx1331 | ||
Lenovo Thinkagile Hx2330 Firmware | ||
Lenovo Thinkagile Hx2330 | ||
Lenovo Thinkagile Hx2331 Firmware | ||
Lenovo Thinkagile Hx2331 | ||
Lenovo Thinkagile Hx3330 Firmware | ||
Lenovo Thinkagile Hx3330 | ||
Lenovo Thinkagile Hx3331 Firmware | ||
Lenovo Thinkagile Hx3331 | ||
Lenovo Thinkagile Hx3375 Firmware | ||
Lenovo Thinkagile Hx3375 | ||
Lenovo Thinkagile Hx3376 Firmware | ||
Lenovo Thinkagile Hx3376 | ||
Lenovo Thinkagile Hx5531 Firmware | ||
Lenovo Thinkagile Hx5531 | ||
Lenovo Thinkagile Hx7531 Firmware | ||
Lenovo Thinkagile Hx7531 | ||
Lenovo Thinkagile Mx3330-f All-flash Firmware | ||
Lenovo Thinkagile Mx3330-f All-flash | ||
Lenovo Thinkagile Mx3330-h Hybrid Firmware | ||
Lenovo Thinkagile Mx3330-h Hybrid | ||
Lenovo Thinkagile Mx3331-f All-flash Firmware | ||
Lenovo Thinkagile Mx3331-f All-flash | ||
Lenovo Thinkagile Mx3331-h Hybrid Firmware | ||
Lenovo Thinkagile Mx3331-h Hybrid | ||
Lenovo Thinkagile Mx3530 F All Flash Firmware | ||
Lenovo Thinkagile Mx3530 F All Flash | ||
Lenovo Thinkagile Mx3530-h Hybrid Firmware | ||
Lenovo Thinkagile Mx3530-h Hybrid | ||
Lenovo Thinkagile Mx3531 H Hybrid Firmware | ||
Lenovo Thinkagile Mx3531 H Hybrid | ||
Lenovo Thinkagile Mx3531-f All-flash Firmware | ||
Lenovo Thinkagile Mx3531-f All-flash | ||
Lenovo Thinkagile Vx2330 Firmware | ||
Lenovo Thinkagile Vx2330 | ||
Lenovo Thinkagile Vx3330 Firmware | ||
Lenovo Thinkagile Vx3330 | ||
Lenovo Thinkagile Vx3530-g Firmware | ||
Lenovo Thinkagile Vx3530-g | ||
Lenovo Thinkagile Vx5530 Firmware | ||
Lenovo Thinkagile Vx5530 | ||
Lenovo Thinkagile Vx7330 Firmware | ||
Lenovo Thinkagile Vx7330 | ||
Lenovo Thinkagile Vx7530 Firmware | ||
Lenovo Thinkagile Vx7530 | ||
Lenovo Thinkagile Vx7531 Firmware | ||
Lenovo Thinkagile Vx7531 | ||
Lenovo Thinksystem Sd630 V2 Firmware | ||
Lenovo Thinksystem Sd630 V2 | ||
Lenovo Thinksystem Sd650 V2 Firmware | ||
Lenovo Thinksystem Sd650 V2 | ||
Lenovo Thinksystem Sd650 V3 Firmware | ||
Lenovo Thinksystem Sd650-n V2 Firmware | ||
Lenovo Thinksystem Sd650-n V2 | ||
Lenovo Thinksystem Sd665 V3 Firmware | ||
Lenovo Thinksystem Sn550 V2 Firmware | ||
Lenovo Thinksystem Sn550 V2 | ||
Lenovo Thinksystem Sr250 Firmware | ||
Lenovo Thinksystem Sr250 V2 | ||
Lenovo Thinksystem Sr258 V2 Firmware | ||
Lenovo Thinksystem Sr258 V2 | ||
Lenovo Thinksystem Sr630 V2 Firmware | ||
Lenovo Thinksystem Sr630 V2 | ||
Lenovo Thinksystem Sr630 V3 Firmware | ||
Lenovo Thinksystem Sr635 V3 Firmware | ||
Lenovo Thinksystem Sr645 Firmware | ||
Lenovo Thinksystem Sr645 | ||
Lenovo Thinksystem Sr645 V3 Firmware | ||
Lenovo Thinksystem Sr645 V3 | ||
Lenovo Thinksystem Sr650 V2 Firmware | ||
Lenovo Thinksystem Sr650 V2 | ||
Lenovo Thinksystem Sr650 V3 Firmware | ||
Lenovo Thinksystem Sr655 V3 Firmware | ||
Lenovo Thinksystem Sr665 Firmware | ||
Lenovo Thinksystem Sr665 | ||
Lenovo Thinksystem Sr665 V3 Firmware | ||
Lenovo Thinksystem Sr670 Firmware | ||
Lenovo Thinksystem Sr670 | ||
Lenovo Thinksystem Sr670 V2 Firmware | ||
Lenovo Thinksystem Sr670 V2 | ||
Lenovo Thinksystem Sr675 V3 Firmware | ||
Lenovo Thinksystem Sr850 V2 Firmware | ||
Lenovo Thinksystem Sr850 V2 | ||
Lenovo Thinksystem Sr850 V3 Firmware | ||
Lenovo Thinksystem Sr860 V2 Firmware | ||
Lenovo Thinksystem Sr860 V2 | ||
Lenovo Thinksystem Sr860 V3 Firmware | ||
Lenovo Thinksystem St250 V2 Firmware | ||
Lenovo Thinksystem St250 V2 | ||
Lenovo Thinksystem St258 V2 Firmware | ||
Lenovo Thinksystem St258 V2 | ||
Lenovo Thinksystem St650 V2 Firmware | ||
Lenovo Thinksystem St650 V2 | ||
Lenovo Thinksystem St650 V3 Firmware | ||
Lenovo Thinksystem St658 V2 Firmware | ||
Lenovo Thinksystem St658 V2 | ||
Lenovo Thinksystem St658 V3 Firmware |
Upgrade to the product version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-140960
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.