IPMI Credentials at Risk Due to Length of AccountUsername
CVE-2024-8059

4.3MEDIUM

Key Information:

Vendor: Lenovo
Status: Hx5530 Appliance (thinkagile) Xcc; Hx7530 Appliance (thinkagile) Xcc; St250 V3 (thinksystem) Xcc; Vx3331 Certified Node (thinkagile) Xcc
Vendor: CVE Published:; 13 September 2024

What is CVE-2024-8059?

IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters.

HX Enclosure Certified Node (ThinkAgile) XCC 0 < 6.40 TEI3F3E

HX1021 Edge Certified Node 3yr (ThinkAgile) XCC 0 < 4.12 TEI3E4D

HX1320 Appliance (ThinkAgile) XCC 0 < 9.98 CDI3B4E

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet