CVE-2022-34888 — Incomplete List of Disallowed Inputs in Lenovo Thinkagile Hx1021 Firmware

CWE-184 — Incomplete List of Disallowed Inputs CWE-697 — Incorrect Comparison3 documents3 sources

Severity

4.3MEDIUMNVD

CNA2.7

EPSS

0.2%

top 52.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Thinkagile Hx1021 Firmware Lenovo Thinkagile Hx1320 Firmware Lenovo Thinkagile Hx1321 Firmware +96 more

Timeline

PublishedJan 30

Latest updateJan 31

Description

The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages99 packages

▶NVDlenovo/thinkedge_se450_firmware< 1.10_usx304w

▶NVDlenovo/thinkagile_vx_4u_firmware< 2.50_psi346l

▶NVDlenovo/thinkagile_hx1021_firmware< 3.60_tei386m

▶NVDlenovo/thinkagile_hx1320_firmware< 8.40-cdi394n

▶NVDlenovo/thinkagile_hx1321_firmware< 8.40-cdi394n

🔴Vulnerability Details

GHSA

GHSA-8pjh-hch3-85g6: The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be acc↗2023-01-31

▶

CVEList

CVE-2022-34888: The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be acc↗2023-01-30

▶