Lucene search

[email protected]NVD:CVE-2024-45104

HistorySep 13, 2024 - 6:15 p.m.

CVE-2024-45104

2024-09-1318:15:05

CWE-282

[email protected]

web.nvd.nist.gov

lxca user

modify device

device identifier

specially crafted web api call

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.

Affected configurations

Nvd

Node

lenovoxclarity_administratorRange<4.1.0

AND

emcvmwareMatch-

microsoftwindowsMatch-

redhatkernel-based_virtual_machineMatch-

VendorProductVersionCPE
lenovoxclarity_administrator*cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*
emcvmware-cpe:2.3:a:emc:vmware:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
redhatkernel-based_virtual_machine-cpe:2.3:o:redhat:kernel-based_virtual_machine:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lenovo	xclarity_administrator	*	cpe:2.3:a:lenovo:xclarity_administrator::::::::
emc	vmware	-	cpe:2.3:a:emc:vmware:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
redhat	kernel-based_virtual_machine	-	cpe:2.3:o:redhat:kernel-based_virtual_machine:-:::::::*

References

support.lenovo.com/us/en/product_security/LEN-154748

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

16.8%

JSON

Related for NVD:CVE-2024-45104

vulnrichment1 cve1 cvelist1