Lucene search

LenovoCVELIST:CVE-2023-25492

HistoryMay 01, 2023 - 2:11 p.m.

CVE-2023-25492

2023-05-0114:11:48

CWE-134

lenovo

www.cve.org

denial of service

xcc web interface

format string injection

authenticated user

vulnerability

web interface api

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

JSON

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "XClarity Controller",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "See product security advisory below"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-99936