IPMI Credentials at Risk Due to Length of AccountUsername
CVE-2024-8059

4.3MEDIUM

Key Information:

Vendor
Lenovo
Status
Hx5530 Appliance (thinkagile) Xcc
Hx7530 Appliance (thinkagile) Xcc
St250 V3 (thinksystem) Xcc
Vx3331 Certified Node (thinkagile) Xcc
Vendor
CVE Published:
13 September 2024

Summary

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

Affected Version(s)

HX Enclosure Certified Node (ThinkAgile) XCC 0 < 6.40 TEI3F3E

HX1021 Edge Certified Node 3yr (ThinkAgile) XCC 0 < 4.12 TEI3E4D

HX1320 Appliance (ThinkAgile) XCC 0 < 9.98 CDI3B4E

References

https://support.lenovo.com/us/en/product_security/LEN-172051

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.