What is the severity of CVE-2024-8059?

CVE-2024-8059 has a MEDIUM severity rating with a CVSS score of 4.3. The EPSS (Exploit Prediction Scoring System) score is 0.00051, indicating a 0.1% probability of exploitation in the wild within 30 days.

When was CVE-2024-8059 published?

CVE-2024-8059 was published on September 13, 2024.

CVE-2024-8059

Q: What is CVE-2024-8059?

CVE-2024-8059 is a medium severity security vulnerability. IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

MEDIUM

Published 2024-09-13T17:27:11.059Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-8059. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

4.3

/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.158

Higher than 15.8% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Description

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

Understanding This Vulnerability

This Common Vulnerabilities and Exposures (CVE) entry provides detailed information about a security vulnerability that has been publicly disclosed. CVEs are standardized identifiers assigned by MITRE Corporation to track and catalog security vulnerabilities across software and hardware products.

The severity rating (MEDIUM) indicates the potential impact of this vulnerability based on the CVSS (Common Vulnerability Scoring System) framework. Higher severity ratings typically indicate vulnerabilities that could lead to more significant security breaches if exploited. Security teams should prioritize remediation efforts based on severity, exploit availability, and the EPSS (Exploit Prediction Scoring System) score, which predicts the likelihood of exploitation in the wild.

If this vulnerability affects products or systems in your infrastructure, we recommend reviewing the affected products section, checking for available patches or updates from vendors, and implementing recommended workarounds or solutions until a permanent fix is available. Organizations should also monitor security advisories and threat intelligence feeds for updates about active exploitation of this vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Lenovo

HX5530 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX7530 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

ST250 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

VX3331 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX Enclosure Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX1021 Edge Certified Node 3yr (ThinkAgile) XCC

Affected Versions:

Lenovo

HX1320 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX1321 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX1331 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX1520-R Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX1521-R Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX2320-E Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX2321 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX2330 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX2331 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX2720-E Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3320 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3321 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3330 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3331 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3331 Node SAP HANA (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3375 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3376 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3520-G Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3521-G Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3720 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX3721 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX5520 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX5520-C Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX5521 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX5521-C Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX5531 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX7520 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX7521 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX7530 Appl for SAP HANA (ThinkAgile) XCC

Affected Versions:

Lenovo

HX7531 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

HX7531 Node SAP HANA (ThinkAgile) XCC

Affected Versions:

Lenovo

HX7820 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

HX7821 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

MX Edge Appliance - MX1020 (ThinkAgile) XCC

Affected Versions:

Lenovo

MX3330-F All-flash Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

MX3330-H Hybrid Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

MX3331-F All-flash Certified node (ThinkAgile) XCC

Affected Versions:

Lenovo

MX3331-H Hybrid Certified node (ThinkAgile) XCC

Affected Versions:

Lenovo

MX3530 F All flash Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

MX3530-H Hybrid Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

MX3531 H Hybrid Certified node (ThinkAgile) XCC

Affected Versions:

Lenovo

MX3531-F All-flash Certified node (ThinkAgile) XCC

Affected Versions:

Lenovo

P920 Rack Workstation (ThinkStation) XCC

Affected Versions:

Lenovo

SD530 (ThinkSystem) XCC

Affected Versions:

Lenovo

SD530 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SD550 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SD630 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SD650 DWC Dual Node Tray (ThinkSystem) XCC

Affected Versions:

Lenovo

SD650 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SD650 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SD650-N V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SD665 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SE350 (ThinkSystem) XCC

Affected Versions:

Lenovo

SE350 V2 (ThinkEdge) XCC

Affected Versions:

Lenovo

SE360 V2 (ThinkEdge) XCC

Affected Versions:

Lenovo

SE450 (ThinkEdge) XCC

Affected Versions:

Lenovo

SE455 V3 (ThinkEdge) XCC

Affected Versions:

Lenovo

SN550 (ThinkSystem) XCC

Affected Versions:

Lenovo

SN550 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SN850 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR150 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR158 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR250 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR250 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR250 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR258 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR258 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR258 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR530 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR550 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR570 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR590 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR630 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR630 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR630 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR635 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR645 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR645 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR650 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR650 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR650 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR655 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR665 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR665 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR670 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR670 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR675 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR850 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR850 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR850 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR850P (ThinkSystem) XCC

Affected Versions:

Lenovo

SR860 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR860 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR860 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR950 (ThinkSystem) XCC

Affected Versions:

Lenovo

SR950 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST250 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST250 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST258 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST258 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST258 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST550 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST650 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST650 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST658 V2 (ThinkSystem) XCC

Affected Versions:

Lenovo

ST658 V3 (ThinkSystem) XCC

Affected Versions:

Lenovo

ThinkAgile MX1021 on SE350 XCC

Affected Versions:

Lenovo

VX 1SE Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

VX 2U4N Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

VX 4U Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

VX1320 (ThinkAgile) XCC

Affected Versions:

Lenovo

VX2320 (ThinkAgile) XCC

Affected Versions:

Lenovo

VX2330 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

VX3320 (ThinkAgile) XCC

Affected Versions:

Lenovo

VX3330 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

VX3520-G (ThinkAgile) XCC

Affected Versions:

Lenovo

VX3530-G Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

VX3720 (ThinkAgile) XCC

Affected Versions:

Lenovo

VX5520 (ThinkAgile) XCC

Affected Versions:

Lenovo

VX5530 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

VX635 V3 Integrated System (ThinkAgile) XCC

Affected Versions:

Lenovo

VX645 V3 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

VX645 V3 Integrated System (ThinkAgile) XCC

Affected Versions:

Lenovo

VX655 V3 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

VX655 V3 Integrated System (ThinkAgile) XCC

Affected Versions:

Lenovo

VX665 V3 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

VX665 V3 Integrated System (ThinkAgile) XCC

Affected Versions:

Lenovo

VX7320 N (ThinkAgile) XCC

Affected Versions:

Lenovo

VX7330 Appliance (Thinkagile) XCC

Affected Versions:

Lenovo

VX7520 (ThinkAgile) XCC

Affected Versions:

Lenovo

VX7520 N (ThinkAgile) XCC

Affected Versions:

Lenovo

VX7530 Appliance (ThinkAgile) XCC

Affected Versions:

Lenovo

VX7531 Certified Node (ThinkAgile) XCC

Affected Versions:

Lenovo

VX7820 (ThinkAgile) XCC

Affected Versions:

References

https://support.lenovo.com/us/en/product_security/LEN-172051 (CNA)

Solutions

Update XClarity Controller to the version (or newer) indicated for your model in the advisory: https://support.lenovo.com/us/en/product_security/LEN-172051

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

Not EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Malicious code in bioql (PyPI)

Affected Products (ENISA)

lenovo

hx3321 certified node (thinkagile) xcc

ENISA Scoring

CVSS Score (3.1)

4.3

/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.060

probability

ENISA References

https://support.lenovo.com/us/en/product_security/LEN-172051

Data provided by ENISA EU Vulnerability Database. Last updated: October 3, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-2hgx-34f4-hp3q

Advisory Details

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-8059

WEB https://support.lenovo.com/us/en/product_security/LEN-172051

Advisory provided by GitHub Security Advisory Database. Published: September 13, 2024, Modified: September 13, 2024

References

https://support.lenovo.com/us/en/product_security/LEN-172051

Published: 2024-09-13T17:27:11.059Z

Last Modified: 2024-09-13T17:55:08.750Z

Copied to clipboard!