CVE-2023-4606 - OpenCVE

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkagile Mx3530 F All Flash Firmware Thinkagile Mx3330-f All-flash Thinkagile Vx2330 Thinkagile Hx5531 Thinkagile Hx2331 Thinksystem St258 V2 Thinksystem St658 V2 Thinkagile Mx3531-f All-flash Firmware Thinkagile Mx3530-h Hybrid Firmware Thinksystem Sr645 Thinksystem Sd650 V3 Firmware Thinksystem Sr665 V3 Firmware Thinkagile Mx3331-f All-flash Firmware Thinkagile Vx5530 Thinksystem Sr860 V3 Firmware Thinksystem Sn550 V2 Firmware Thinkagile Vx3330 Thinksystem Sd650 V2 Thinksystem Sr258 V2 Thinkagile Hx3375 Thinkagile Mx3531 H Hybrid Thinksystem St250 V2 Thinkagile Mx3330-f All-flash Firmware Thinksystem St650 V3 Firmware Thinkagile Hx5530 Thinkagile Vx3331 Firmware Thinksystem Sr670 Firmware Thinksystem Sd650-n V2 Firmware Thinksystem Sr630 V2 Thinksystem St650 V2 Firmware Thinksystem Sr665 Firmware Thinksystem Sr670 V2 Thinkagile Vx3530-g Firmware Thinksystem Sr250 Firmware Thinksystem Sr850 V3 Firmware Thinksystem Sd650 V2 Firmware Thinkagile Hx3376 Thinksystem Sr645 Firmware Thinksystem Sn550 V2 Thinksystem Sr258 V2 Firmware Thinkagile Mx3530-h Hybrid Thinkagile Vx7531 Thinkagile Hx7530 Firmware Thinkagile Mx3330-h Hybrid Thinksystem Sd630 V2 Thinkagile Hx3331 Firmware Thinkagile Vx7330 Thinksystem Sr650 V2 Thinkagile Vx7531 Firmware Thinksystem Sd665 V3 Firmware Thinkagile Hx2330 Firmware Thinksystem Sd650-n V2 Thinkagile Vx3331 Thinkagile Vx7530 Thinksystem Sr850 V2 Thinksystem Sd630 V2 Firmware Thinkagile Vx3530-g Thinksystem Sr645 V3 Firmware Thinksystem Sr675 V3 Firmware Thinksystem Sr670 V2 Firmware Thinksystem St658 V2 Firmware Thinkagile Hx7531 Firmware Thinksystem St658 V3 Firmware Thinksystem Sr645 V3 Thinkagile Mx3330-h Hybrid Firmware Thinksystem Sr630 V3 Firmware Thinksystem Sr860 V2 Thinkagile Vx2330 Firmware Thinksystem Sr850 V2 Firmware Thinkagile Mx3531-f All-flash Thinkagile Vx5530 Firmware Thinkagile Mx3531 H Hybrid Firmware Thinkagile Mx3331-h Hybrid Firmware Thinksystem Sr860 V2 Firmware Thinkagile Hx5531 Firmware Thinksystem Sr650 V3 Firmware Thinkagile Hx2331 Firmware Thinkagile Hx3375 Firmware Thinkagile Hx3376 Firmware Thinkagile Hx1331 Thinkagile Hx7531 Thinkagile Vx7330 Firmware Thinksystem Sr635 V3 Firmware Thinksystem Sr670 Thinkagile Hx7530 Thinksystem St258 V2 Firmware Thinkagile Hx2330 Thinksystem Sr250 V2 Thinkagile Mx3331-f All-flash Thinksystem Sr650 V2 Firmware Thinkagile Mx3530 F All Flash Thinkagile Hx1331 Firmware Thinkagile Hx5530 Firmware Thinkagile Hx3331 Thinksystem Sr655 V3 Firmware Thinksystem St650 V2 Thinkagile Hx3330 Thinksystem St250 V2 Firmware Thinkagile Vx7530 Firmware Thinkagile Mx3331-h Hybrid Thinksystem Sr630 V2 Firmware Thinksystem Sr665 Thinkagile Vx3330 Firmware Thinkagile Hx3330 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx5530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx5530:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx7530:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx3331:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx1331:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx2330:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx2331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx2331:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3330:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3331_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3375_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx3376:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx5531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx5531:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx7530:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx7531:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_hx7531:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3330-f_all-flash_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3330-f_all-flash:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3330-h_hybrid_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3330-h_hybrid:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3331-f_all-flash_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3331-f_all-flash:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3331-h_hybrid_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3331-h_hybrid:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3530_f_all_flash_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3530_f_all_flash:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3530-h_hybrid_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3530-h_hybrid:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3531_h_hybrid_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3531_h_hybrid:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkagile_mx3531-f_all-flash_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_mx3531-f_all-flash:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx2330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx2330:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx3330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx3330:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx3530-g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx3530-g:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx5530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx5530:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx7330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx7330:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx7530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx7530:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lenovo:thinkagile_vx7531_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkagile_vx7531:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sd630_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sd630_v2:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sd650_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sd650_v2:-:*:*:*:*:*:*:*

Configuration 33 [-]

cpe:2.3:o:lenovo:thinksystem_sd650_v3_firmware:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sd650-n_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sd650-n_v2:-:*:*:*:*:*:*:*

Configuration 35 [-]

cpe:2.3:o:lenovo:thinksystem_sd665_v3_firmware:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sn550_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sn550_v2:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr250_v2:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr258_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr258_v2:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr630_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr630_v2:-:*:*:*:*:*:*:*

Configuration 40 [-]

cpe:2.3:o:lenovo:thinksystem_sr630_v3_firmware:-:*:*:*:*:*:*:*

Configuration 41 [-]

cpe:2.3:o:lenovo:thinksystem_sr635_v3_firmware:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr645_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr645:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr645_v3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr645_v3:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr650_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr650_v2:-:*:*:*:*:*:*:*

Configuration 45 [-]

cpe:2.3:o:lenovo:thinksystem_sr650_v3_firmware:-:*:*:*:*:*:*:*

Configuration 46 [-]

cpe:2.3:o:lenovo:thinksystem_sr655_v3_firmware:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr665_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr665:-:*:*:*:*:*:*:*

Configuration 48 [-]

cpe:2.3:o:lenovo:thinksystem_sr665_v3_firmware:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr670:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr670_v2:-:*:*:*:*:*:*:*

Configuration 51 [-]

cpe:2.3:o:lenovo:thinksystem_sr675_v3_firmware:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr850_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr850_v2:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr850_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr850_v2:-:*:*:*:*:*:*:*

Configuration 54 [-]

cpe:2.3:o:lenovo:thinksystem_sr850_v3_firmware:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr860_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr860_v2:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:lenovo:thinksystem_sr860_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_sr860_v2:-:*:*:*:*:*:*:*

Configuration 57 [-]

cpe:2.3:o:lenovo:thinksystem_sr860_v3_firmware:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:lenovo:thinksystem_st250_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_st250_v2:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:lenovo:thinksystem_st258_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_st258_v2:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:lenovo:thinksystem_st650_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_st650_v2:-:*:*:*:*:*:*:*

Configuration 61 [-]

cpe:2.3:o:lenovo:thinksystem_st650_v3_firmware:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:lenovo:thinksystem_st658_v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinksystem_st658_v2:-:*:*:*:*:*:*:*

Configuration 63 [-]

cpe:2.3:o:lenovo:thinksystem_st658_v3_firmware:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-140960	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:25:09.243Z

Updated: 2023-10-24T20:25:09.243Z

Reserved: 2023-08-29T15:54:54.303Z

Link: CVE-2023-4606

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-25T18:17:41.487

Modified: 2023-11-07T19:11:17.050

Link: CVE-2023-4606

JSON object: View

Redhat Information

No data.

CWE

CWE-862