{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-29058","assignerOrgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","state":"PUBLISHED","assignerShortName":"lenovo","dateReserved":"2023-03-30T12:46:45.646Z","datePublished":"2023-04-28T20:47:46.172Z","dateUpdated":"2025-01-30T18:49:28.930Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"XClarity Controller","vendor":"Lenovo","versions":[{"status":"affected","version":"Refer to Mitigation strategy section in LEN-118321"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions."}],"value":"A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-276","description":"CWE-276 Incorrect Default Permissions","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","shortName":"lenovo","dateUpdated":"2023-04-28T20:47:46.172Z"},"references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-118321"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Customers should update to the version (or later) of&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">Lenovo XClarity Controller (XCC) identified in the related Lenovo Product Security Advisory:&nbsp;<br><span style=\"background-color: rgb(255, 255, 255);\"><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-118321\">https://support.lenovo.com/us/en/product_security/LEN-118321</a></span></span>"}],"value":"Customers should update to the version (or later) of Lenovo XClarity Controller (XCC) identified in the related Lenovo Product Security Advisory: \n https://support.lenovo.com/us/en/product_security/LEN-118321 https://support.lenovo.com/us/en/product_security/LEN-118321 "}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T14:00:15.529Z"},"title":"CVE Program Container","references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-118321","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-30T18:49:19.784833Z","id":"CVE-2023-29058","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-30T18:49:28.930Z"}}]}}