Format string

2023-05-0115:15:00

PRIOn knowledge base

www.prio-n.com

denial of service

authentication

format string injection

xcc web interface

api security

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.7%

JSON

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

CPENameOperatorVersion
thinkagile_hx1021_firmwareeq< 3.72-tei388s
thinkagile_hx1320_firmwareeq< 8.88-cdi3a4a
thinkagile_hx1321_firmwareeq< 8.88-cdi3a4a
thinkagile_hx1331_firmwareeq< 2.93-afbt30p
thinkagile_hx1520-r_firmwareeq< 8.88-cdi3a4a
thinkagile_hx1521-r_firmwareeq< 8.88-cdi3a4a
thinkagile_hx2320-e_firmwareeq< 8.88-cdi3a4a
thinkagile_hx2321_firmwareeq< 8.88-cdi3a4a
thinkagile_hx2330_firmwareeq< 2.93-afbt30p
thinkagile_hx2330_firmwareeq2.93.0-afbt30-p

Name	Operator	Version
thinkagile_hx1021_firmware	eq	< 3.72-tei388s
thinkagile_hx1320_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx1321_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx1331_firmware	eq	< 2.93-afbt30p
thinkagile_hx1520-r_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx1521-r_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx2320-e_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx2321_firmware	eq	< 8.88-cdi3a4a
thinkagile_hx2330_firmware	eq	< 2.93-afbt30p
thinkagile_hx2330_firmware	eq	2.93.0-afbt30-p

Rows per page:

1-10 of 1131

References

support.lenovo.com/us/en/product_security/LEN-99936