CVE-2017-3770

8.8HIGH

Key Information:

Vendor: Lenovo
Status: Lenovo Xclarity Administrator (lxca)
Vendor: CVE Published:; 22 September 2017

Summary

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.

Affected Version(s)

Lenovo XClarity Administrator (LXCA) Earlier than 1.3.2

References

https://support.lenovo.com/us/en/product_security/LEN-16333

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 22, 2017
Vulnerability Reserved
Dec 16, 2016