CVE-2023-25492

MEDIUM

Lenovo Thinkagile Hx5530 Firmware - Format String Vulnerability

Title source: rule

Description

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-99936

Scores

CVSS v3 6.3

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-134

Status published

Products (50)

lenovo/thinkagile_hx1021_firmware < 3.72_tei388s

lenovo/thinkagile_hx1320_firmware < 8.88_cdi3a4a

lenovo/thinkagile_hx1321_firmware < 8.88_cdi3a4a

lenovo/thinkagile_hx1331_firmware < 2.93_afbt30p

lenovo/thinkagile_hx1520-r_firmware < 8.88_cdi3a4a

lenovo/thinkagile_hx1521-r_firmware < 8.88_cdi3a4a

lenovo/thinkagile_hx2320-e_firmware < 8.88_cdi3a4a

lenovo/thinkagile_hx2321_firmware < 8.88_cdi3a4a

lenovo/thinkagile_hx2330_firmware 2.93_afbt30p

lenovo/thinkagile_hx2330_firmware < 2.93_afbt30p

... and 40 more

Published May 01, 2023

Tracked Since Feb 18, 2026