Privilege Escalation: LXCA Admin Lets Unmanage Device via Web UI
CVE-2024-45103 Published on September 13, 2024
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
Vulnerability Analysis
CVE-2024-45103 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Improper Ownership Management
The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.
Products Associated with CVE-2024-45103
Want to know whenever a new CVE is published for Lenovo Xclarity Administrator? stack.watch will email you.
Affected Versions
Lenovo XClarity Administrator:- Before 4.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.