Privilege Escalation Vulnerability in SSH Captive Command Shell Interface
CVE-2024-38510
7.2HIGH
What is CVE-2024-38510?
A vulnerability has been identified in Lenovo's SSH captive command shell interface, enabling privilege escalation for authenticated XCC users with elevated privileges. It allows for the execution of command injection attacks through the upload of specially crafted files. This security flaw poses significant risks, as attackers can exploit it to gain unauthorized access to sensitive system functionalities and execute arbitrary commands, compromising the integrity and security of affected environments.
Affected Version(s)
XClarity Controller various