CVE-2017-3770
HIGHLenovo XClarity Administrator < 1.3.2 - Authenticated Privilege Escalation via Web Interface
Title source: llmDescription
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-16333
Scores
CVSS v3
8.8
EPSS
0.0046
EPSS Percentile
64.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
lenovo/xclarity_administrator
< 1.3.1
Lenovo Group Ltd./Lenovo XClarity Administrator (LXCA)
Earlier than 1.3.2
Published
Sep 22, 2017
Tracked Since
Feb 18, 2026