CVE-2023-4606
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
Un usuario XCC autenticado con permiso de solo lectura puede cambiar la contraseña de un usuario diferente mediante un comando API manipulado. Esto afecta a los servidores ThinkSystem v2 y v3 con XCC; Los servidores ThinkSystem v1 no se ven afectados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-29 CVE Reserved
- 2023-10-24 CVE Published
- 2024-09-11 CVE Updated
- 2024-10-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-140960 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkagile Hx5530 Firmware Search vendor "Lenovo" for product "Thinkagile Hx5530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx5530 Search vendor "Lenovo" for product "Thinkagile Hx5530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx7530 Firmware Search vendor "Lenovo" for product "Thinkagile Hx7530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7530 Search vendor "Lenovo" for product "Thinkagile Hx7530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx3331 Firmware Search vendor "Lenovo" for product "Thinkagile Vx3331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx3331 Search vendor "Lenovo" for product "Thinkagile Vx3331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx1331 Firmware Search vendor "Lenovo" for product "Thinkagile Hx1331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx1331 Search vendor "Lenovo" for product "Thinkagile Hx1331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx2330 Firmware Search vendor "Lenovo" for product "Thinkagile Hx2330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx2330 Search vendor "Lenovo" for product "Thinkagile Hx2330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx2331 Firmware Search vendor "Lenovo" for product "Thinkagile Hx2331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx2331 Search vendor "Lenovo" for product "Thinkagile Hx2331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3330 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3330 Search vendor "Lenovo" for product "Thinkagile Hx3330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3331 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3331 Search vendor "Lenovo" for product "Thinkagile Hx3331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3331 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3331 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3331 Search vendor "Lenovo" for product "Thinkagile Hx3331" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3375 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3375 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3375 Search vendor "Lenovo" for product "Thinkagile Hx3375" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx3376 Firmware Search vendor "Lenovo" for product "Thinkagile Hx3376 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx3376 Search vendor "Lenovo" for product "Thinkagile Hx3376" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx5531 Firmware Search vendor "Lenovo" for product "Thinkagile Hx5531 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx5531 Search vendor "Lenovo" for product "Thinkagile Hx5531" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx7530 Firmware Search vendor "Lenovo" for product "Thinkagile Hx7530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7530 Search vendor "Lenovo" for product "Thinkagile Hx7530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx7531 Firmware Search vendor "Lenovo" for product "Thinkagile Hx7531 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7531 Search vendor "Lenovo" for product "Thinkagile Hx7531" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Hx7531 Firmware Search vendor "Lenovo" for product "Thinkagile Hx7531 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Hx7531 Search vendor "Lenovo" for product "Thinkagile Hx7531" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3330-f All-flash Firmware Search vendor "Lenovo" for product "Thinkagile Mx3330-f All-flash Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3330-f All-flash Search vendor "Lenovo" for product "Thinkagile Mx3330-f All-flash" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3330-h Hybrid Firmware Search vendor "Lenovo" for product "Thinkagile Mx3330-h Hybrid Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3330-h Hybrid Search vendor "Lenovo" for product "Thinkagile Mx3330-h Hybrid" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3331-f All-flash Firmware Search vendor "Lenovo" for product "Thinkagile Mx3331-f All-flash Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3331-f All-flash Search vendor "Lenovo" for product "Thinkagile Mx3331-f All-flash" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3331-h Hybrid Firmware Search vendor "Lenovo" for product "Thinkagile Mx3331-h Hybrid Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3331-h Hybrid Search vendor "Lenovo" for product "Thinkagile Mx3331-h Hybrid" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3530 F All Flash Firmware Search vendor "Lenovo" for product "Thinkagile Mx3530 F All Flash Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3530 F All Flash Search vendor "Lenovo" for product "Thinkagile Mx3530 F All Flash" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3530-h Hybrid Firmware Search vendor "Lenovo" for product "Thinkagile Mx3530-h Hybrid Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3530-h Hybrid Search vendor "Lenovo" for product "Thinkagile Mx3530-h Hybrid" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3531 H Hybrid Firmware Search vendor "Lenovo" for product "Thinkagile Mx3531 H Hybrid Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3531 H Hybrid Search vendor "Lenovo" for product "Thinkagile Mx3531 H Hybrid" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Mx3531-f All-flash Firmware Search vendor "Lenovo" for product "Thinkagile Mx3531-f All-flash Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Mx3531-f All-flash Search vendor "Lenovo" for product "Thinkagile Mx3531-f All-flash" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx2330 Firmware Search vendor "Lenovo" for product "Thinkagile Vx2330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx2330 Search vendor "Lenovo" for product "Thinkagile Vx2330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx3330 Firmware Search vendor "Lenovo" for product "Thinkagile Vx3330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx3330 Search vendor "Lenovo" for product "Thinkagile Vx3330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx3530-g Firmware Search vendor "Lenovo" for product "Thinkagile Vx3530-g Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx3530-g Search vendor "Lenovo" for product "Thinkagile Vx3530-g" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx5530 Firmware Search vendor "Lenovo" for product "Thinkagile Vx5530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx5530 Search vendor "Lenovo" for product "Thinkagile Vx5530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx7330 Firmware Search vendor "Lenovo" for product "Thinkagile Vx7330 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7330 Search vendor "Lenovo" for product "Thinkagile Vx7330" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx7530 Firmware Search vendor "Lenovo" for product "Thinkagile Vx7530 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7530 Search vendor "Lenovo" for product "Thinkagile Vx7530" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkagile Vx7531 Firmware Search vendor "Lenovo" for product "Thinkagile Vx7531 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkagile Vx7531 Search vendor "Lenovo" for product "Thinkagile Vx7531" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sd630 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sd630 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sd630 V2 Search vendor "Lenovo" for product "Thinksystem Sd630 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sd650 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sd650 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sd650 V2 Search vendor "Lenovo" for product "Thinksystem Sd650 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sd650-n V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sd650-n V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sd650-n V2 Search vendor "Lenovo" for product "Thinksystem Sd650-n V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sn550 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sn550 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sn550 V2 Search vendor "Lenovo" for product "Thinksystem Sn550 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr250 Firmware Search vendor "Lenovo" for product "Thinksystem Sr250 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr250 V2 Search vendor "Lenovo" for product "Thinksystem Sr250 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr258 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr258 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr258 V2 Search vendor "Lenovo" for product "Thinksystem Sr258 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr630 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr630 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr630 V2 Search vendor "Lenovo" for product "Thinksystem Sr630 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr645 Firmware Search vendor "Lenovo" for product "Thinksystem Sr645 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr645 Search vendor "Lenovo" for product "Thinksystem Sr645" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr645 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr645 V3 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr645 V3 Search vendor "Lenovo" for product "Thinksystem Sr645 V3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr650 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr650 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr650 V2 Search vendor "Lenovo" for product "Thinksystem Sr650 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr665 Firmware Search vendor "Lenovo" for product "Thinksystem Sr665 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr665 Search vendor "Lenovo" for product "Thinksystem Sr665" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr670 Firmware Search vendor "Lenovo" for product "Thinksystem Sr670 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr670 Search vendor "Lenovo" for product "Thinksystem Sr670" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr670 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr670 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr670 V2 Search vendor "Lenovo" for product "Thinksystem Sr670 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr850 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V2 Search vendor "Lenovo" for product "Thinksystem Sr850 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr850 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V2 Search vendor "Lenovo" for product "Thinksystem Sr850 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr860 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V2 Search vendor "Lenovo" for product "Thinksystem Sr860 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V2 Firmware Search vendor "Lenovo" for product "Thinksystem Sr860 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V2 Search vendor "Lenovo" for product "Thinksystem Sr860 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem St250 V2 Firmware Search vendor "Lenovo" for product "Thinksystem St250 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St250 V2 Search vendor "Lenovo" for product "Thinksystem St250 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem St258 V2 Firmware Search vendor "Lenovo" for product "Thinksystem St258 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St258 V2 Search vendor "Lenovo" for product "Thinksystem St258 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem St650 V2 Firmware Search vendor "Lenovo" for product "Thinksystem St650 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St650 V2 Search vendor "Lenovo" for product "Thinksystem St650 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem St658 V2 Firmware Search vendor "Lenovo" for product "Thinksystem St658 V2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinksystem St658 V2 Search vendor "Lenovo" for product "Thinksystem St658 V2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinksystem Sd650 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sd650 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sd665 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sd665 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr630 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr630 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr635 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr635 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr650 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr650 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr655 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr655 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr665 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr665 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr675 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr675 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr850 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr850 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem Sr860 V3 Firmware Search vendor "Lenovo" for product "Thinksystem Sr860 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem St650 V3 Firmware Search vendor "Lenovo" for product "Thinksystem St650 V3 Firmware" | - | - |
Affected
| ||||||
| Lenovo Search vendor "Lenovo" | Thinksystem St658 V3 Firmware Search vendor "Lenovo" for product "Thinksystem St658 V3 Firmware" | - | - |
Affected
| ||||||