PT-2024-10055 · Lenovo · Lenovo XClarity Controller

Published 2024-07-09 · Updated 2024-07-29 · CVE-2024-38510

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Controller (XCC) (affected versions not specified)

Description: A privilege escalation issue was discovered in the SSH captive command shell interface. This could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. The vulnerability is related to the failure to neutralize special elements, which could enable a remote attacker to execute arbitrary commands using specially crafted files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2025-00193
CVE-2024-38510

Affected Products

Lenovo XClarity Controller