CVE-2024-38510

HIGH

Lenovo XClarity Controller - Authenticated OS Command Injection via SSH Captive Shell File Upload

Title source: llm
STIX 2.1

Description

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

References (1)

Core 1

Scores

CVSS v3 7.2
EPSS 0.0107
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
Lenovo/XClarity Controller various
Published Jul 26, 2024
Tracked Since Feb 18, 2026