CVE-2022-34884

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 31.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkagile Hx1021 Firmware Lenovo Thinkagile Hx1320 Firmware Lenovo Thinkagile Hx1321 Firmware +96 more

Timeline

PublishedJan 30

Latest updateJan 31

Description

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages99 packages

▶NVDlenovo/thinkedge_se450_firmware< 1.10_usx304w

▶NVDlenovo/thinkagile_vx_4u_firmware< 2.50_psi346l

▶NVDlenovo/thinkagile_hx1021_firmware< 3.60_tei386m

▶NVDlenovo/thinkagile_hx1320_firmware< 8.40-cdi394n

▶NVDlenovo/thinkagile_hx1321_firmware< 8.40-cdi394n

🔴Vulnerability Details

GHSA

GHSA-25mx-7q4c-hfgq: A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem deni↗2023-01-31

▶

CVEList

CVE-2022-34884: A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem deni↗2023-01-30

▶