CVE-2024-38508

{"id": "CVE-2024-38508", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-07-26T20:15:03.597", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-156781", "source": "psirt@lenovo.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@lenovo.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request."}, {"lang": "es", "value": " Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en la interfaz web o en la interfaz de shell de comandos cautivos SSH de XCC que podr\u00eda permitir a un usuario de XCC autenticado con privilegios elevados realizar la inyecci\u00f3n de comandos a trav\u00e9s de una solicitud especialmente manipulada."}], "lastModified": "2024-07-29T14:12:08.783", "sourceIdentifier": "psirt@lenovo.com"}