- Description
- Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
- Source
- psirt@lenovo.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B8B3461-FE28-4F26-B347-0AB295D0EB2E",
"versionEndIncluding": "1.3.1"
}
],
"operator": "OR"
}
]
}
]