CVE-2023-4606 - OpenCVE

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Thinkagile Hx1331 Thinkagile Hx1331 Firmware Thinkagile Hx2330 Thinkagile Hx2330 Firmware Thinkagile Hx2331 Thinkagile Hx2331 Firmware Thinkagile Hx3330 Thinkagile Hx3330 Firmware Thinkagile Hx3331 Thinkagile Hx3331 Firmware Thinkagile Hx3375 Thinkagile Hx3375 Firmware Thinkagile Hx3376 Thinkagile Hx3376 Firmware Thinkagile Hx5530 Thinkagile Hx5530 Firmware Thinkagile Hx5531 Thinkagile Hx5531 Firmware Thinkagile Hx7530 Thinkagile Hx7530 Firmware Thinkagile Hx7531 Thinkagile Hx7531 Firmware Thinkagile Mx3330-f All-flash Thinkagile Mx3330-f All-flash Firmware Thinkagile Mx3330-h Hybrid Thinkagile Mx3330-h Hybrid Firmware Thinkagile Mx3331-f All-flash Thinkagile Mx3331-f All-flash Firmware Thinkagile Mx3331-h Hybrid Thinkagile Mx3331-h Hybrid Firmware Thinkagile Mx3530-h Hybrid Thinkagile Mx3530-h Hybrid Firmware Thinkagile Mx3530 F All Flash Thinkagile Mx3530 F All Flash Firmware Thinkagile Mx3531-f All-flash Thinkagile Mx3531-f All-flash Firmware Thinkagile Mx3531 H Hybrid Thinkagile Mx3531 H Hybrid Firmware Thinkagile Vx2330 Thinkagile Vx2330 Firmware Thinkagile Vx3330 Thinkagile Vx3330 Firmware Thinkagile Vx3331 Thinkagile Vx3331 Firmware Thinkagile Vx3530-g Thinkagile Vx3530-g Firmware Thinkagile Vx5530 Thinkagile Vx5530 Firmware Thinkagile Vx7330 Thinkagile Vx7330 Firmware Thinkagile Vx7530 Thinkagile Vx7530 Firmware Thinkagile Vx7531 Thinkagile Vx7531 Firmware Thinksystem Sd630 V2 Thinksystem Sd630 V2 Firmware Thinksystem Sd650-n V2 Thinksystem Sd650-n V2 Firmware Thinksystem Sd650 V2 Thinksystem Sd650 V2 Firmware Thinksystem Sd650 V3 Firmware Thinksystem Sd665 V3 Firmware Thinksystem Sn550 V2 Thinksystem Sn550 V2 Firmware Thinksystem Sr250 Firmware Thinksystem Sr250 V2 Thinksystem Sr258 V2 Thinksystem Sr258 V2 Firmware Thinksystem Sr630 V2 Thinksystem Sr630 V2 Firmware Thinksystem Sr630 V3 Firmware Thinksystem Sr635 V3 Firmware Thinksystem Sr645 Thinksystem Sr645 Firmware Thinksystem Sr645 V3 Thinksystem Sr645 V3 Firmware Thinksystem Sr650 V2 Thinksystem Sr650 V2 Firmware Thinksystem Sr650 V3 Firmware Thinksystem Sr655 V3 Firmware Thinksystem Sr665 Thinksystem Sr665 Firmware Thinksystem Sr665 V3 Firmware Thinksystem Sr670 Thinksystem Sr670 Firmware Thinksystem Sr670 V2 Thinksystem Sr670 V2 Firmware Thinksystem Sr675 V3 Firmware Thinksystem Sr850 V2 Thinksystem Sr850 V2 Firmware Thinksystem Sr850 V3 Firmware Thinksystem Sr860 V2 Thinksystem Sr860 V2 Firmware Thinksystem Sr860 V3 Firmware Thinksystem St250 V2 Thinksystem St250 V2 Firmware Thinksystem St258 V2 Thinksystem St258 V2 Firmware Thinksystem St650 V2 Thinksystem St650 V2 Firmware Thinksystem St650 V3 Firmware Thinksystem St658 V2 Thinksystem St658 V2 Firmware Thinksystem St658 V3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx5530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx5530:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx7530:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx3331:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx1331:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx2330:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx2331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx2331:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3330:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3375_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3376:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx5531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx5531:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx7530:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx7531:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx7531:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3330-f_all-flash_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3330-f_all-flash:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3330-h_hybrid_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3330-h_hybrid:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3331-f_all-flash_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3331-f_all-flash:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3331-h_hybrid_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3331-h_hybrid:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3530_f_all_flash_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3530_f_all_flash:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3530-h_hybrid_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3530-h_hybrid:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3531_h_hybrid_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3531_h_hybrid:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3531-f_all-flash_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3531-f_all-flash:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx2330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx2330:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx3330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx3330:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx3530-g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx3530-g:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx5530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx5530:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx7330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx7330:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx7530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx7530:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx7531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx7531:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sd630_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sd630_v2:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sd650_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sd650_v2:-:*:*:*:*:*:*:*

Configuration 33 [-]

cpe:2.3:o:lenovo:thinksystem_sd650_v3_firmware:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sd650-n_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sd650-n_v2:-:*:*:*:*:*:*:*

Configuration 35 [-]

cpe:2.3:o:lenovo:thinksystem_sd665_v3_firmware:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sn550_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sn550_v2:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr250_v2:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr258_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr258_v2:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr630_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr630_v2:-:*:*:*:*:*:*:*

Configuration 40 [-]

cpe:2.3:o:lenovo:thinksystem_sr630_v3_firmware:-:*:*:*:*:*:*:*

Configuration 41 [-]

cpe:2.3:o:lenovo:thinksystem_sr635_v3_firmware:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr645_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr645:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr645_v3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr645_v3:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr650_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr650_v2:-:*:*:*:*:*:*:*

Configuration 45 [-]

cpe:2.3:o:lenovo:thinksystem_sr650_v3_firmware:-:*:*:*:*:*:*:*

Configuration 46 [-]

cpe:2.3:o:lenovo:thinksystem_sr655_v3_firmware:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr665_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr665:-:*:*:*:*:*:*:*

Configuration 48 [-]

cpe:2.3:o:lenovo:thinksystem_sr665_v3_firmware:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr670:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr670_v2:-:*:*:*:*:*:*:*

Configuration 51 [-]

cpe:2.3:o:lenovo:thinksystem_sr675_v3_firmware:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr850_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr850_v2:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr850_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr850_v2:-:*:*:*:*:*:*:*

Configuration 54 [-]

cpe:2.3:o:lenovo:thinksystem_sr850_v3_firmware:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr860_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr860_v2:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr860_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr860_v2:-:*:*:*:*:*:*:*

Configuration 57 [-]

cpe:2.3:o:lenovo:thinksystem_sr860_v3_firmware:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:lenovo:thinksystem_st250_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_st250_v2:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:lenovo:thinksystem_st258_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_st258_v2:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:lenovo:thinksystem_st650_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_st650_v2:-:*:*:*:*:*:*:*

Configuration 61 [-]

cpe:2.3:o:lenovo:thinksystem_st650_v3_firmware:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:lenovo:thinksystem_st658_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_st658_v2:-:*:*:*:*:*:*:*

Configuration 63 [-]

cpe:2.3:o:lenovo:thinksystem_st658_v3_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-140960

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:25:09.243Z

Updated: 2024-09-11T18:24:50.644Z

Reserved: 2023-08-29T15:54:54.303Z

Link: CVE-2023-4606

Vulnrichment

Updated: 2024-08-02T07:31:06.613Z

NVD

Status : Analyzed

Published: 2023-10-25T18:17:41.487

Modified: 2023-11-07T19:11:17.050

Link: CVE-2023-4606

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object