CVE-2022-34888 — LOW (2.7) — White Hats Nepal

Q: How severe is CVE-2022-34888?

CVE-2022-34888 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-34888?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkagile Vx3331 Firmware, Lenovo Thinkagile Vx3331, Lenovo Thinkagile Hx Enclosure Certified Node Firmware, Lenovo Thinkagile Hx Enclosure Certified Node, Lenovo Thinkagile Hx1021 Firmware.

Vulnerability Description

The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.

CVSS Score

2.7

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Lenovo	Thinkagile Vx3331 Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Vx3331	-
Lenovo	Thinkagile Hx Enclosure Certified Node Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Hx Enclosure Certified Node	-
Lenovo	Thinkagile Hx1021 Firmware	< 3.60_tei386m
Lenovo	Thinkagile Hx1021	-
Lenovo	Thinkagile Hx1320 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx1320	-
Lenovo	Thinkagile Hx1321 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx1321	-
Lenovo	Thinkagile Hx1520-R Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx1520-R	-
Lenovo	Thinkagile Hx1521-R Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx1521-R	-
Lenovo	Thinkagile Hx2320-E Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx2320-E	-
Lenovo	Thinkagile Hx2321 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx2321	-
Lenovo	Thinkagile Hx2720-E Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Hx2720-E	-

Related Weaknesses (CWE)

CWE-184 CWE-697

References

https://support.lenovo.com/us/en/product_security/LEN-87734Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-87734Vendor Advisory

FAQ

What is CVE-2022-34888?

CVE-2022-34888 is a vulnerability with a CVSS score of 2.7 (LOW). The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls...

How severe is CVE-2022-34888?

CVE-2022-34888 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-34888?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkagile Vx3331 Firmware, Lenovo Thinkagile Vx3331, Lenovo Thinkagile Hx Enclosure Certified Node Firmware, Lenovo Thinkagile Hx Enclosure Certified Node, Lenovo Thinkagile Hx1021 Firmware.