CVE-2024-8280

Description

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.

Remediation

Solution:

Update XClarity Controller to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-172051

References

Link	Tags
https://support.lenovo.com/us/en/product_security/LEN-172051

Frequently Asked Questions

What is the severity of CVE-2024-8280?: CVE-2024-8280 has been scored as a high severity vulnerability.
How to fix CVE-2024-8280?: To fix CVE-2024-8280: Update XClarity Controller to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-172051
Is CVE-2024-8280 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-8280 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-8280?: CVE-2024-8280 affects Lenovo HX5530 Appliance (ThinkAgile) XCC, Lenovo HX7530 Appliance (ThinkAgile) XCC, Lenovo ST250 V3 (ThinkSystem) XCC, Lenovo VX3331 Certified Node (ThinkAgile) XCC, Lenovo HX Enclosure Certified Node (ThinkAgile) XCC, Lenovo HX1021 Edge Certified Node 3yr (ThinkAgile) XCC, Lenovo HX1320 Appliance (ThinkAgile) XCC, Lenovo HX1321 Certified Node (ThinkAgile) XCC, Lenovo HX1331 Certified Node (ThinkAgile) XCC, Lenovo HX1520-R Appliance (ThinkAgile) XCC, Lenovo HX1521-R Certified Node (ThinkAgile) XCC, Lenovo HX2320-E Appliance (ThinkAgile) XCC, Lenovo HX2321 Certified Node (ThinkAgile) XCC, Lenovo HX2330 Appliance (ThinkAgile) XCC, Lenovo HX2331 Certified Node (ThinkAgile) XCC, Lenovo HX2720-E Appliance (ThinkAgile) XCC, Lenovo HX3320 Appliance (ThinkAgile) XCC, Lenovo HX3321 Certified Node (ThinkAgile) XCC, Lenovo HX3330 Appliance (ThinkAgile) XCC, Lenovo HX3331 Certified Node (ThinkAgile) XCC, Lenovo HX3331 Node SAP HANA (ThinkAgile) XCC, Lenovo HX3375 Appliance (ThinkAgile) XCC, Lenovo HX3376 Certified Node (ThinkAgile) XCC, Lenovo HX3520-G Appliance (ThinkAgile) XCC, Lenovo HX3521-G Certified Node (ThinkAgile) XCC, Lenovo HX3720 Appliance (ThinkAgile) XCC, Lenovo HX3721 Certified Node (ThinkAgile) XCC, Lenovo HX5520 Appliance (ThinkAgile) XCC, Lenovo HX5520-C Appliance (ThinkAgile) XCC, Lenovo HX5521 Certified Node (ThinkAgile) XCC, Lenovo HX5521-C Certified Node (ThinkAgile) XCC, Lenovo HX5531 Certified Node (ThinkAgile) XCC, Lenovo HX7520 Appliance (ThinkAgile) XCC, Lenovo HX7521 Certified Node (ThinkAgile) XCC, Lenovo HX7530 Appl for SAP HANA (ThinkAgile) XCC, Lenovo HX7531 Certified Node (ThinkAgile) XCC, Lenovo HX7531 Node SAP HANA (ThinkAgile) XCC, Lenovo HX7820 Appliance (ThinkAgile) XCC, Lenovo HX7821 Certified Node (ThinkAgile) XCC, Lenovo MX Edge Appliance - MX1020 (ThinkAgile) XCC, Lenovo MX3330-F All-flash Appliance (ThinkAgile) XCC, Lenovo MX3330-H Hybrid Appliance (ThinkAgile) XCC, Lenovo MX3331-F All-flash Certified node (ThinkAgile) XCC, Lenovo MX3331-H Hybrid Certified node (ThinkAgile) XCC, Lenovo MX3530 F All flash Appliance (ThinkAgile) XCC, Lenovo MX3530-H Hybrid Appliance (ThinkAgile) XCC, Lenovo MX3531 H Hybrid Certified node (ThinkAgile) XCC, Lenovo MX3531-F All-flash Certified node (ThinkAgile) XCC, Lenovo P920 Rack Workstation (ThinkStation) XCC, Lenovo SD530 (ThinkSystem) XCC, Lenovo SD530 V3 (ThinkSystem) XCC, Lenovo SD550 V3 (ThinkSystem) XCC, Lenovo SD630 V2 (ThinkSystem) XCC, Lenovo SD650 DWC Dual Node Tray (ThinkSystem) XCC, Lenovo SD650 V2 (ThinkSystem) XCC, Lenovo SD650 V3 (ThinkSystem) XCC, Lenovo SD650-N V2 (ThinkSystem) XCC, Lenovo SD665 V3 (ThinkSystem) XCC, Lenovo SE350 (ThinkSystem) XCC, Lenovo SE350 V2 (ThinkEdge) XCC, Lenovo SE360 V2 (ThinkEdge) XCC, Lenovo SE450 (ThinkEdge) XCC, Lenovo SE455 V3 (ThinkEdge) XCC, Lenovo SN550 (ThinkSystem) XCC, Lenovo SN550 V2 (ThinkSystem) XCC, Lenovo SN850 (ThinkSystem) XCC, Lenovo SR150 (ThinkSystem) XCC, Lenovo SR158 (ThinkSystem) XCC, Lenovo SR250 (ThinkSystem) XCC, Lenovo SR250 V2 (ThinkSystem) XCC, Lenovo SR250 V3 (ThinkSystem) XCC, Lenovo SR258 (ThinkSystem) XCC, Lenovo SR258 V2 (ThinkSystem) XCC, Lenovo SR258 V3 (ThinkSystem) XCC, Lenovo SR530 (ThinkSystem) XCC, Lenovo SR550 (ThinkSystem) XCC, Lenovo SR570 (ThinkSystem) XCC, Lenovo SR590 (ThinkSystem) XCC, Lenovo SR630 (ThinkSystem) XCC, Lenovo SR630 V2 (ThinkSystem) XCC, Lenovo SR630 V3 (ThinkSystem) XCC, Lenovo SR635 V3 (ThinkSystem) XCC, Lenovo SR645 (ThinkSystem) XCC, Lenovo SR645 V3 (ThinkSystem) XCC, Lenovo SR650 (ThinkSystem) XCC, Lenovo SR650 V2 (ThinkSystem) XCC, Lenovo SR650 V3 (ThinkSystem) XCC, Lenovo SR655 V3 (ThinkSystem) XCC, Lenovo SR665 (ThinkSystem) XCC, Lenovo SR665 V3 (ThinkSystem) XCC, Lenovo SR670 (ThinkSystem) XCC, Lenovo SR670 V2 (ThinkSystem) XCC, Lenovo SR675 V3 (ThinkSystem) XCC, Lenovo SR850 (ThinkSystem) XCC, Lenovo SR850 V2 (ThinkSystem) XCC, Lenovo SR850 V3 (ThinkSystem) XCC, Lenovo SR850P (ThinkSystem) XCC, Lenovo SR860 (ThinkSystem) XCC, Lenovo SR860 V2 (ThinkSystem) XCC, Lenovo SR860 V3 (ThinkSystem) XCC, Lenovo SR950 (ThinkSystem) XCC, Lenovo SR950 V3 (ThinkSystem) XCC, Lenovo ST250 (ThinkSystem) XCC, Lenovo ST250 V2 (ThinkSystem) XCC, Lenovo ST258 (ThinkSystem) XCC, Lenovo ST258 V2 (ThinkSystem) XCC, Lenovo ST258 V3 (ThinkSystem) XCC, Lenovo ST550 (ThinkSystem) XCC, Lenovo ST650 V2 (ThinkSystem) XCC, Lenovo ST650 V3 (ThinkSystem) XCC, Lenovo ST658 V2 (ThinkSystem) XCC, Lenovo ST658 V3 (ThinkSystem) XCC, Lenovo ThinkAgile MX1021 on SE350 XCC, Lenovo VX 1SE Certified Node (ThinkAgile) XCC, Lenovo VX 2U4N Certified Node (ThinkAgile) XCC, Lenovo VX 4U Certified Node (ThinkAgile) XCC, Lenovo VX1320 (ThinkAgile) XCC, Lenovo VX2320 (ThinkAgile) XCC, Lenovo VX2330 Appliance (ThinkAgile) XCC, Lenovo VX3320 (ThinkAgile) XCC, Lenovo VX3330 Appliance (ThinkAgile) XCC, Lenovo VX3520-G (ThinkAgile) XCC, Lenovo VX3530-G Appliance (ThinkAgile) XCC, Lenovo VX3720 (ThinkAgile) XCC, Lenovo VX5520 (ThinkAgile) XCC, Lenovo VX5530 Appliance (ThinkAgile) XCC, Lenovo VX635 V3 Integrated System (ThinkAgile) XCC, Lenovo VX645 V3 Certified Node (ThinkAgile) XCC, Lenovo VX645 V3 Integrated System (ThinkAgile) XCC, Lenovo VX655 V3 Certified Node (ThinkAgile) XCC, Lenovo VX655 V3 Integrated System (ThinkAgile) XCC, Lenovo VX665 V3 Certified Node (ThinkAgile) XCC, Lenovo VX665 V3 Integrated System (ThinkAgile) XCC, Lenovo VX7320 N (ThinkAgile) XCC, Lenovo VX7330 Appliance (Thinkagile) XCC, Lenovo VX7520 (ThinkAgile) XCC, Lenovo VX7520 N (ThinkAgile) XCC, Lenovo VX7530 Appliance (ThinkAgile) XCC, Lenovo VX7531 Certified Node (ThinkAgile) XCC, Lenovo VX7820 (ThinkAgile) XCC.

Description

Remediation

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions