CVE-2024-38510

{"id": "CVE-2024-38510", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-07-26T20:15:04.053", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-156781", "source": "psirt@lenovo.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@lenovo.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads."}, {"lang": "es", "value": " Se descubri\u00f3 una vulnerabilidad de escalada de privilegios en la interfaz del shell de comandos cautivos SSH que podr\u00eda permitir a un usuario XCC autenticado con privilegios elevados realizar la inyecci\u00f3n de comandos mediante cargas de archivos especialmente manipuladas."}], "lastModified": "2024-07-29T14:12:08.783", "sourceIdentifier": "psirt@lenovo.com"}