Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo thinkagile vx enclosure firmware vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-3897
An authentication bypass vulnerability exists in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not aff...
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
9.8
CVSSv3
CVE-2021-3849
An authentication bypass vulnerability exists in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not affected.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
8.8
CVSSv3
CVE-2023-4607
An authenticated XCC user can change permissions for any user through a crafted API command.
Lenovo Thinkagile Hx5530 Firmware -
Lenovo Thinkagile Hx7530 Firmware -
Lenovo Thinkagile Vx3331 Firmware -
Lenovo Thinkagile Hx1331 Firmware -
Lenovo Thinkagile Hx2330 Firmware -
Lenovo Thinkagile Hx2331 Firmware -
Lenovo Thinkagile Hx3330 Firmware -
Lenovo Thinkagile Hx3331 Firmware -
Lenovo Thinkagile Hx3375 Firmware -
Lenovo Thinkagile Hx3376 Firmware -
Lenovo Thinkagile Hx5531 Firmware -
Lenovo Thinkagile Hx7531 Firmware -
Lenovo Thinkagile Mx3330-f All-flash Firmware -
Lenovo Thinkagile Mx3330-h Hybrid Firmware -
Lenovo Thinkagile Mx3331-f All-flash Firmware -
Lenovo Thinkagile Mx3331-h Hybrid Firmware -
Lenovo Thinkagile Mx3530 F All Flash Firmware -
Lenovo Thinkagile Mx3530-h Hybrid Firmware -
Lenovo Thinkagile Mx3531 H Hybrid Firmware -
Lenovo Thinkagile Mx3531-f All-flash Firmware -
Lenovo Thinkagile Vx2330 Firmware -
Lenovo Thinkagile Vx3330 Firmware -
8.8
CVSSv3
CVE-2023-0683
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
Lenovo Thinkagile Hx5530 Firmware
Lenovo Thinkagile Hx7530 Firmware
Lenovo Thinkagile Vx3331 Firmware
Lenovo Thinkagile Hx Enclosure Firmware
Lenovo Thinkagile Hx1021 Firmware
Lenovo Thinkagile Hx1320 Firmware
Lenovo Thinkagile Hx1321 Firmware
Lenovo Thinkagile Hx1331 Firmware
Lenovo Thinkagile Hx1520-r Firmware
Lenovo Thinkagile Hx1521-r Firmware
Lenovo Thinkagile Hx2320-e Firmware
Lenovo Thinkagile Hx2321 Firmware
Lenovo Thinkagile Hx2330 Firmware
Lenovo Thinkagile Hx2330 Firmware 2.93 Afbt30p
Lenovo Thinkagile Hx2331 Firmware
Lenovo Thinkagile Hx2720-e Firmware
Lenovo Thinkagile Hx3320 Firmware
Lenovo Thinkagile Hx3321 Firmware
Lenovo Thinkagile Hx3330 Firmware
Lenovo Thinkagile Hx3331 Firmware
Lenovo Thinkagile Hx3375 Firmware
Lenovo Thinkagile Hx3376 Firmware
8.8
CVSSv3
CVE-2023-25492
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
Lenovo Thinkagile Hx5530 Firmware
Lenovo Thinkagile Hx7530 Firmware
Lenovo Thinkagile Vx3331 Firmware
Lenovo Thinkagile Hx Enclosure Firmware
Lenovo Thinkagile Hx1021 Firmware
Lenovo Thinkagile Hx1320 Firmware
Lenovo Thinkagile Hx1321 Firmware
Lenovo Thinkagile Hx1331 Firmware
Lenovo Thinkagile Hx1520-r Firmware
Lenovo Thinkagile Hx1521-r Firmware
Lenovo Thinkagile Hx2320-e Firmware
Lenovo Thinkagile Hx2321 Firmware
Lenovo Thinkagile Hx2330 Firmware
Lenovo Thinkagile Hx2330 Firmware 2.93 Afbt30p
Lenovo Thinkagile Hx2331 Firmware
Lenovo Thinkagile Hx2720-e Firmware
Lenovo Thinkagile Hx3320 Firmware
Lenovo Thinkagile Hx3321 Firmware
Lenovo Thinkagile Hx3330 Firmware
Lenovo Thinkagile Hx3331 Firmware
Lenovo Thinkagile Hx3375 Firmware
Lenovo Thinkagile Hx3376 Firmware
8.8
CVSSv3
CVE-2023-29057
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Loca...
Lenovo Thinkagile Hx5530 Firmware
Lenovo Thinkagile Hx7530 Firmware
Lenovo Thinkagile Vx3331 Firmware
Lenovo Thinkagile Hx Enclosure Firmware
Lenovo Thinkagile Hx1021 Firmware
Lenovo Thinkagile Hx1320 Firmware
Lenovo Thinkagile Hx1321 Firmware
Lenovo Thinkagile Hx1331 Firmware
Lenovo Thinkagile Hx1520-r Firmware
Lenovo Thinkagile Hx1521-r Firmware
Lenovo Thinkagile Hx2320-e Firmware
Lenovo Thinkagile Hx2321 Firmware
Lenovo Thinkagile Hx2330 Firmware
Lenovo Thinkagile Hx2330 Firmware 2.93 Afbt30p
Lenovo Thinkagile Hx2331 Firmware
Lenovo Thinkagile Hx2720-e Firmware
Lenovo Thinkagile Hx3320 Firmware
Lenovo Thinkagile Hx3321 Firmware
Lenovo Thinkagile Hx3330 Firmware
Lenovo Thinkagile Hx3331 Firmware
Lenovo Thinkagile Hx3375 Firmware
Lenovo Thinkagile Hx3376 Firmware
7.5
CVSSv3
CVE-2023-2992
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Cp-cb-10 Firmware
Lenovo Thinkagile Cp-cb-10e Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Lenovo Thinksystem Da240 Enclosure Firmware
Lenovo Thinksystem Dw612 Enclosure Firmware
6.5
CVSSv3
CVE-2023-29058
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
Lenovo Thinkagile Hx5530 Firmware
Lenovo Thinkagile Hx7530 Firmware
Lenovo Thinkagile Vx3331 Firmware
Lenovo Thinkagile Hx Enclosure Firmware
Lenovo Thinkagile Hx1021 Firmware
Lenovo Thinkagile Hx1320 Firmware
Lenovo Thinkagile Hx1321 Firmware
Lenovo Thinkagile Hx1331 Firmware
Lenovo Thinkagile Hx1520-r Firmware
Lenovo Thinkagile Hx1521-r Firmware
Lenovo Thinkagile Hx2320-e Firmware
Lenovo Thinkagile Hx2321 Firmware
Lenovo Thinkagile Hx2330 Firmware
Lenovo Thinkagile Hx2330 Firmware 2.93 Afbt30p
Lenovo Thinkagile Hx2331 Firmware
Lenovo Thinkagile Hx2720-e Firmware
Lenovo Thinkagile Hx3320 Firmware
Lenovo Thinkagile Hx3321 Firmware
Lenovo Thinkagile Hx3330 Firmware
Lenovo Thinkagile Hx3331 Firmware
Lenovo Thinkagile Hx3375 Firmware
Lenovo Thinkagile Hx3376 Firmware
6.5
CVSSv3
CVE-2022-34884
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.
Lenovo Thinkagile Vx3331 Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Hx1021 Firmware
Lenovo Thinkagile Hx1320 Firmware
Lenovo Thinkagile Hx1321 Firmware
Lenovo Thinkagile Hx1520-r Firmware
Lenovo Thinkagile Hx1521-r Firmware
Lenovo Thinkagile Hx2320-e Firmware
Lenovo Thinkagile Hx2321 Firmware
Lenovo Thinkagile Hx2720-e Firmware
Lenovo Thinkagile Hx3320 Firmware
Lenovo Thinkagile Hx3321 Firmware
Lenovo Thinkagile Hx3375 Firmware
Lenovo Thinkagile Hx3376 Firmware
Lenovo Thinkagile Hx3520-g Firmware
Lenovo Thinkagile Hx3521-g Firmware
Lenovo Thinkagile Hx3720 Firmware
Lenovo Thinkagile Hx3721 Firmware
Lenovo Thinkagile Hx5520 Firmware
Lenovo Thinkagile Hx5520-c Firmware
Lenovo Thinkagile Hx5521 Firmware
Lenovo Thinkagile Hx5521-c Firmware
6.3
CVSSv3
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Cp-cb-10 Firmware
Lenovo Thinkagile Cp-cb-10e Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Lenovo Thinksystem Da240 Enclosure Firmware
Lenovo Thinksystem Dw612 Enclosure Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »