CVE-2023-0683

high-risk
Published 2023-05-01

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

Do I need to act?

- 0.31% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 8.3/10 High (NETWORK / LOW complexity)

Affected Products (20)

ThinkAgile HX5530 Firmware
ThinkAgile HX7530 Firmware
ThinkAgile VX3331 Firmware
ThinkAgile HX Enclosure Firmware
ThinkAgile HX1021 Firmware
ThinkAgile HX1320 Firmware
ThinkAgile HX1321 Firmware
ThinkAgile HX1331 Firmware
ThinkAgile HX1520-R Firmware
ThinkAgile HX1521-R Firmware
ThinkAgile HX2320-E Firmware
ThinkAgile HX2321 Firmware
ThinkAgile HX2330 Firmware
ThinkAgile HX2330 Firmware
ThinkAgile HX2331 Firmware
ThinkAgile HX2720-E Firmware
ThinkAgile HX3320 Firmware
ThinkAgile HX3321 Firmware
ThinkAgile HX3330 Firmware
ThinkAgile HX3331 Firmware

Affected Vendors

61 / 100 · high-risk
Severity 29/34 · Critical
Exploitability 1/34 · Minimal
Exposure 31/34 · Critical