Thinkagile hx1321 firmware

This hub aggregates every CVE we track for Thinkagile hx1321 firmware, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 12 most recently published vulnerabilities affecting Thinkagile hx1321 firmware.

• CVE-2024-2659 A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administr...7.2Apr 15, 2024
• CVE-2023-4607An authenticated XCC user can change permissions for any user through a crafted API command.7.5Oct 24, 2023
• CVE-2023-0683A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.8.3May 1, 2023
• CVE-2023-25492A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.6.3May 1, 2023
• CVE-2023-25495A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configuratio...4.9Apr 28, 2023
• CVE-2023-29056A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/A...5.3Apr 28, 2023
• CVE-2023-29057A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be co...7.3Apr 28, 2023
• CVE-2023-29058A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disa...6.4Apr 28, 2023
• CVE-2022-34888The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access contr...2.7Jan 30, 2023
• CVE-2022-34884A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.7.2Jan 30, 2023
• CVE-2022-40137A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.6.7Jan 30, 2023
• CVE-2022-40134An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.4.4Jan 30, 2023