Security Alerts

Severity Level: High  

Title: 

Multiple Vulnerabilities in Lenovo XClarity Controller

Timestamp:

Friday Sep 13, 2024

Summary:

Lenovo has released a security advisory addressing multiple vulnerabilities in its XClarity Controller (XCC). These vulnerabilities could allow an authenticated attacker with elevated privileges to gain unauthorized access or execute arbitrary commands on the affected system.

Vulnerabilities Details:

 

• CVE-2024-8278: A privilege escalation vulnerability in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

• CVE-2024-8280: An input validation weakness in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.

• CVE-2024-8281: An input validation weakness in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input.

• CVE-2024-8059: IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

Recommendations:

We recommend upgrading the affected versions to the fixed versions at the earliest opportunity.

References:

For references, click here.