CVE & CISA-KEV Catalog

CVE-2023-0683

HIGH
8.3
CVSS v3
NVD

Description

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

How to fix

Remediation Available
thinkagile hx1021 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile hx1320 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx1321 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx1331 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile hx1520-r firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx1521-r firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx2320-e firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx2321 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx2330 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile hx2331 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile hx2720-e firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile hx3320 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx3321 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx3330 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile hx3331 firmwareNVD
Affected:< 4.71_d8bt48pFixed in:4.71_d8bt48pCVE-2023-0683derived from NVD
thinkagile hx3375 firmwareNVD
Affected:< 4.71_d8bt48pFixed in:4.71_d8bt48pCVE-2023-0683derived from NVD
thinkagile hx3376 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx3520-g firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx3521-g firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile hx3720 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile hx3721 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx5520-c firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx5520 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx5521-c firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile hx5521 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx5530 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile hx5531 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx7520 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile hx7521 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile hx7530 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile hx7531 firmwareNVD
Affected:< 2.75_psi348sFixed in:2.75_psi348sCVE-2023-0683derived from NVD
thinkagile hx7820 firmwareNVD
Affected:< 2.75_psi348sFixed in:2.75_psi348sCVE-2023-0683derived from NVD
thinkagile hx7821 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile hx enclosure firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile mx1020 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile mx1021 on se350 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile mx3330-f firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile mx3330-h firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile mx3331-f firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile mx3331-h firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile mx3530-h firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile mx3530 f firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile mx3531-f firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile mx3531 h firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx1320 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile vx2320 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile vx2330 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx3320 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile vx3330 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx3331 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx3520-g firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile vx3530-g firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx3720 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile vx5520 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile vx5530 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx7320 n firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile vx7330 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx7520 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile vx7520 n firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinkagile vx7530 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx7531 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinkagile vx7820 firmwareNVD
Affected:< 2.75_psi348sFixed in:2.75_psi348sCVE-2023-0683derived from NVD
thinkagile vx 1se firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile vx 2u4n firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinkagile vx 4u firmwareNVD
Affected:< 2.75_psi348sFixed in:2.75_psi348sCVE-2023-0683derived from NVD
thinkedge se450 firmwareNVD
Affected:< 1.60_usx324oFixed in:1.60_usx324oCVE-2023-0683derived from NVD
thinkstation p920 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinksystem sd530 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sd630 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem sd650-n v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem sd650 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sd650 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem se350 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sn550 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sn550 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem sn850 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr150 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr158 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr250 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr250 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem sr258 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr258 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem sr530 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinksystem sr550 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinksystem sr570 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinksystem sr590 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinksystem sr630 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinksystem sr630 v2 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinksystem sr645 firmwareNVD
Affected:< 4.71_d8bt48pFixed in:4.71_d8bt48pCVE-2023-0683derived from NVD
thinksystem sr645 v3 firmwareNVD
Affected:< 4.71_d8bt48pFixed in:4.71_d8bt48pCVE-2023-0683derived from NVD
thinksystem sr650 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinksystem sr650 v2 firmwareNVD
Affected:< 2.93_afbt30pFixed in:2.93_afbt30pCVE-2023-0683derived from NVD
thinksystem sr665 firmwareNVD
Affected:< 4.71_d8bt48pFixed in:4.71_d8bt48pCVE-2023-0683derived from NVD
thinksystem sr665 v3 firmwareNVD
Affected:< 4.71_d8bt48pFixed in:4.71_d8bt48pCVE-2023-0683derived from NVD
thinksystem sr670 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr670 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem sr850 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr850 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem sr850p firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr860 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem sr860 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem sr950 firmwareNVD
Affected:< 2.75_psi348sFixed in:2.75_psi348sCVE-2023-0683derived from NVD
thinksystem st250 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem st250 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem st258 firmwareNVD
Affected:< 3.72_tei388sFixed in:3.72_tei388sCVE-2023-0683derived from NVD
thinksystem st258 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem st550 firmwareNVD
Affected:< 8.88_cdi3a4aFixed in:8.88_cdi3a4aCVE-2023-0683derived from NVD
thinksystem st650 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD
thinksystem st658 v2 firmwareNVD
Affected:< 2.60_tgbt42hFixed in:2.60_tgbt42hCVE-2023-0683derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityLow
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

Exploit Intelligence

0.57%probability of exploitation in 30 days
43rdpercentile

Moderate risk: more likely to be exploited than 43% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-20 (Improper Input Validation) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-3400Critical10.0100%KEV + Ransom-
CVE-2021-45105Medium5.9100%-Fix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2021-21985Critical9.8100%KEV + RansomFix
CVE-2018-7600Critical9.8100%KEV + RansomFix
CVE-2020-3452High7.5100%KEVFix
Embed a live status badge for CVE-2023-0683
CVE-2023-0683 severity badge

Markdown

[![CVE-2023-0683](https://tridentstack.com/cve/badge/CVE-2023-0683.svg)](https://tridentstack.com/cve/CVE-2023-0683)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-0683"><img src="https://tridentstack.com/cve/badge/CVE-2023-0683.svg" alt="CVE-2023-0683"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.