CVE-2024-8278
HIGH
Lenovo ThinkAgile XCC - Authenticated OS Command Injection via IPMI Commands
Title source: llm
Description
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
References (1)
Core 1
Core References
Various Sources
https://support.lenovo.com/us/en/product_security/LEN-172051
Scores
CVSS v3
7.2
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (50)
Lenovo/HX Enclosure Certified Node (ThinkAgile) XCC
< 6.36 TEI3F4A
Lenovo/HX1021 Edge Certified Node 3yr (ThinkAgile) XCC
< 4.11 TEI3E4A
Lenovo/HX1320 Appliance (ThinkAgile) XCC
< 9.97 CDI3B4B
Lenovo/HX1321 Certified Node (ThinkAgile) XCC
< 9.97 CDI3B4B
Lenovo/HX1331 Certified Node (ThinkAgile) XCC
< 4.71 AFBT48C
Lenovo/HX1520-R Appliance (ThinkAgile) XCC
< 9.97 CDI3B4B
Lenovo/HX1521-R Certified Node (ThinkAgile) XCC
< 9.97 CDI3B4B
Lenovo/HX2320-E Appliance (ThinkAgile) XCC
< 9.97 CDI3B4B
Lenovo/HX2321 Certified Node (ThinkAgile) XCC
< 9.97 CDI3B4B
Lenovo/HX2330 Appliance (ThinkAgile) XCC
< 4.71 AFBT48C
... and 40 more
Published
Sep 13, 2024
Tracked Since
Feb 18, 2026