First published: Fri Sep 13 2024(Updated: )
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.
Credit: psirt@lenovo.com
Update XClarity Controller to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-172051
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.