Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-8281

HIGH
Published 2024-09-13T17:27:48.442Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-8281. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.2
/10
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.008
probability
of exploitation in the wild

There is a 0.8% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.730
Higher than 73.0% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Lenovo

HX5530 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX7530 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

ST250 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

VX3331 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX Enclosure Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX1021 Edge Certified Node 3yr (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX1320 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX1321 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX1331 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX1520-R Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX1521-R Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX2320-E Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX2321 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX2330 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX2331 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX2720-E Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3320 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3321 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3330 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3331 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3331 Node SAP HANA (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3375 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3376 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3520-G Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3521-G Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3720 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX3721 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX5520 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX5520-C Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX5521 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX5521-C Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX5531 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX7520 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX7521 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX7530 Appl for SAP HANA (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX7531 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX7531 Node SAP HANA (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX7820 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

HX7821 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX Edge Appliance - MX1020 (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX3330-F All-flash Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX3330-H Hybrid Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX3331-F All-flash Certified node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX3331-H Hybrid Certified node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX3530 F All flash Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX3530-H Hybrid Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX3531 H Hybrid Certified node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

MX3531-F All-flash Certified node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

P920 Rack Workstation (ThinkStation) XCC

Affected Versions:

0
Lenovo

SD530 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SD530 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SD550 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SD630 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SD650 DWC Dual Node Tray (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SD650 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SD650 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SD650-N V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SD665 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SE350 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SE350 V2 (ThinkEdge) XCC

Affected Versions:

0
Lenovo

SE360 V2 (ThinkEdge) XCC

Affected Versions:

0
Lenovo

SE450 (ThinkEdge) XCC

Affected Versions:

0
Lenovo

SE455 V3 (ThinkEdge) XCC

Affected Versions:

0
Lenovo

SN550 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SN550 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SN850 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR150 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR158 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR250 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR250 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR250 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR258 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR258 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR258 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR530 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR550 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR570 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR590 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR630 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR630 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR630 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR635 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR645 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR645 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR650 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR650 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR650 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR655 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR665 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR665 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR670 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR670 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR675 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR850 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR850 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR850 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR850P (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR860 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR860 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR860 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR950 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

SR950 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST250 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST250 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST258 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST258 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST258 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST550 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST650 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST650 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST658 V2 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ST658 V3 (ThinkSystem) XCC

Affected Versions:

0
Lenovo

ThinkAgile MX1021 on SE350 XCC

Affected Versions:

0
Lenovo

VX 1SE Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX 2U4N Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX 4U Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX1320 (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX2320 (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX2330 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX3320 (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX3330 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX3520-G (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX3530-G Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX3720 (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX5520 (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX5530 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX635 V3 Integrated System (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX645 V3 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX645 V3 Integrated System (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX655 V3 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX655 V3 Integrated System (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX665 V3 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX665 V3 Integrated System (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX7320 N (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX7330 Appliance (Thinkagile) XCC

Affected Versions:

0
Lenovo

VX7520 (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX7520 N (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX7530 Appliance (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX7531 Certified Node (ThinkAgile) XCC

Affected Versions:

0
Lenovo

VX7820 (ThinkAgile) XCC

Affected Versions:

0
lenovo

thinkagile_hx7530_firmware

Affected Versions:

0
lenovo

thinksystem_st250_v3_firmware

Affected Versions:

0
lenovo

thinkagile_hx1320_firmware

Affected Versions:

0
lenovo

thinkagile_hx3375_firmware

Affected Versions:

0
lenovo

thinkagile_hx_enclosure_certified_node_firmware

Affected Versions:

0
lenovo

thinkagile_hx1021_edge_certified_node_3yr_firmware

Affected Versions:

0
lenovo

thinkagile_hx7820_firmware

Affected Versions:

0
lenovo

thinksystem_sd530_v3_firmware

Affected Versions:

0
lenovo

thinksystem_sd630_v2_firmware

Affected Versions:

0
lenovo

thinksystem_st650_v3_firmware

Affected Versions:

0
lenovo

thinksystem_sr675_v3_firmware

Affected Versions:

0
lenovo

thinkedge_se350_v2_firmware

Affected Versions:

0
lenovo

thinkedge_se450__firmware

Affected Versions:

0
lenovo

thinkedge_se455_v3_firmware

Affected Versions:

0
lenovo

thinksystem_sr630_v3_firmware

Affected Versions:

0
lenovo

thinksystem_sr635_v3_firmware

Affected Versions:

0
lenovo

thinksystem_sr850_v3_firmware

Affected Versions:

0
lenovo

thinksystem_sr950_v3_firmware

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-w25j-fg8w-7xmx

Advisory Details

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-8281
WEB https://support.lenovo.com/us/en/product_security/LEN-172051

Advisory provided by GitHub Security Advisory Database. Published: September 13, 2024, Modified: September 13, 2024

References

https://support.lenovo.com/us/en/product_security/LEN-172051
Published: 2024-09-13T17:27:48.442Z
Last Modified: 2024-09-13T20:53:47.959Z
Copied to clipboard!