← back
CVE-2023-29058

CVE-2023-29058

CVSS 6.4 MEDIUMEPSS 0.4%CWE-276
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Apr 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H
Affected products
Lenovo · XClarity Controller

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.lenovo.com/us/en/product_security/LEN-118321