{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T00:33:55.149","vulnerabilities":[{"cve":{"id":"CVE-2024-38510","sourceIdentifier":"psirt@lenovo.com","published":"2024-07-26T20:15:04.053","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads."},{"lang":"es","value":" Se descubrió una vulnerabilidad de escalada de privilegios en la interfaz del shell de comandos cautivos SSH que podría permitir a un usuario XCC autenticado con privilegios elevados realizar la inyección de comandos mediante cargas de archivos especialmente manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"psirt@lenovo.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@lenovo.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-156781","source":"psirt@lenovo.com"},{"url":"https://support.lenovo.com/us/en/product_security/LEN-156781","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}