HX3376 Certified Node (ThinkAgile) XCC

0

SINGLE_NUMBER 5 CVEs

CVE-2024-8281

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell.

HIGH Sep 13, 2024

CVE-2024-8280

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.

HIGH Sep 13, 2024

CVE-2024-8279

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.

HIGH Sep 13, 2024

CVE-2024-8278

A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.

HIGH Sep 13, 2024

CVE-2024-8059

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

MEDIUM Sep 13, 2024