CVE-2023-25492

Summary

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

Affected Software

VendorProductVersion RangeStatus
LenovoXClarity ControllerSee product security advisory belowaffected

Weaknesses

  • CWE-134: CWE-134 Use of Externally-Controlled Format String

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References