CVE-2024-45104

6.3 MEDIUM

📋 TL;DR

This vulnerability allows authenticated Lenovo XClarity Administrator (LXCA) users with insufficient privileges to modify managed devices through a specially crafted API call. It affects LXCA deployments where user access controls are improperly enforced. Attackers could potentially alter device configurations or disrupt operations.

💻 Affected Systems

Products:
  • Lenovo XClarity Administrator (LXCA)
Versions: Specific versions not detailed in advisory; check Lenovo advisory for exact affected versions
Operating Systems: Linux-based appliance
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated LXCA user access; vulnerability exists in privilege validation logic

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could modify critical device configurations, disrupt operations, or potentially gain elevated access to managed infrastructure.

🟠 Likely Case

Privilege escalation allowing unauthorized users to modify device settings they shouldn't have access to, potentially causing service disruption.

🟢 If Mitigated

Limited impact with proper access controls, network segmentation, and monitoring in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and knowledge of the relevant API endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Lenovo advisory LEN-154748 for specific fixed versions

Vendor Advisory: https://support.lenovo.com/us/en/product_security/LEN-154748

Restart Required: Yes

Instructions:

1. Review Lenovo advisory LEN-154748.
2. Download and apply the latest LXCA update.
3. Restart LXCA services.
4. Verify patch installation.

🔧 Temporary Workarounds

Restrict LXCA Access (applies to: all)

Limit LXCA access to only necessary administrative users and implement network segmentation.

Review User Permissions (applies to: all)

Audit and tighten user permissions within LXCA to follow the least privilege principle.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate LXCA management interface
  • Enhance monitoring of LXCA API calls and user activities for anomalous behavior

🔍 How to Verify

Check if Vulnerable:

Check LXCA version against affected versions listed in Lenovo advisory LEN-154748

Check Version:

Check LXCA web interface or CLI for version information

Verify Fix Applied:

Verify LXCA version is updated to patched version specified in Lenovo advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual API calls from non-privileged users
  • Device modification events from unexpected user accounts
  • Failed privilege validation attempts

Network Indicators:

  • Unusual API request patterns to LXCA management interface
  • Traffic to device modification endpoints from unauthorized sources

SIEM Query:

source="lxca" AND (event_type="device_modify" OR api_endpoint="/api/devices/*") AND user_privilege="low"
