CVE-2023-29057

CVSS V2 None CVSS V3 None

Description

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

Overview

CVE ID
CVE-2023-29057

Assigner
psirt@lenovo.com

Vulnerability Status
Received

Published Version
2023-04-28T21:15:08

Last Modified Date
2023-04-28T21:15:08

Weakness Enumerations

CWE	URL
CWE-276	http://cwe.mitre.org/data/definitions/276.html

References

Reference URL	Reference Tags
https://support.lenovo.com/us/en/product_security/LEN-118321

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-29057
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29057

History

Created	Old Value	New Value	Data Type	Notes
2023-04-28 22:00:48				Added to TrackCVE
2023-04-28 22:00:49			Weakness Enumeration	new