Details of VAR-202301-2329

ID

VAR-202301-2329

CVE

CVE-2022-34884

TITLE

plural Lenovo Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2022-012569

DESCRIPTION

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. plural Lenovo The product contains a vulnerability related to out-of-bounds writes.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-34884 // JVNDB: JVNDB-2022-012569 // VULMON: CVE-2022-34884

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinksystem sr850	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx7521	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx2321	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx2720-e	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3530-h	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem st250 v2	scope:	lt	version:	1.96_tgbt34x	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd530	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem st250	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3720	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr258 v2	scope:	lt	version:	1.96_tgbt34x	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr650 v2	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3721	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3321	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1021	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinksystem st550	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr665	scope:	lt	version:	4.10_d8bt38l	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr150	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr250	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3531-f	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3376	scope:	lt	version:	4.10_d8bt38l	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx 2u4n	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3530 f	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7520 n	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3531 h	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr670 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7531	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx5530	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3320	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sn850	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx1021	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr645	scope:	lt	version:	4.10_d8bt38l	Trust: 1.0
vendor:	lenovo	model:	thinksystem st258 v2	scope:	lt	version:	1.96_tgbt34x	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx 4u	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx5521-c	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sn550 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7520	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem st650 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3330-h	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr590	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3331-f	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr630	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx1320	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr850p	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr158	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3520-g	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7320 n	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx5520	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx7820	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinksystem sn550	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr650	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr860	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3375	scope:	lt	version:	4.10_d8bt38l	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx2320	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx5520	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd650 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr570	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx2320-e	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1520-r	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3320	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3521-g	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr550	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7820	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx7821	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3520-g	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr950	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx1020	scope:	lte	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1320	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx5521	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3530-g	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1321	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd650-n v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr670	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3331-h	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr860 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinksystem st258	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem st658 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr850 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3720	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkstation p920	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx5520-c	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx enclosure certified node	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7330	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7530	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr250 v2	scope:	lt	version:	1.96_tgbt34x	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd630 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3331	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr530	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx 1se certified node	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr630 v2	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1521-r	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3330-f	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd650 dwc	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx2330	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3330	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkedge se450	scope:	lt	version:	1.10_usx304w	Trust: 1.0
vendor:	lenovo	model:	thinksystem se350	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr258	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx7520	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1520-r	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx1521-r	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx1321	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx2320-e	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx2720-e	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile vx3331	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx enclosure certified node	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx1021	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx1320	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx2321	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-012569 // NVD: CVE-2022-34884

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34884
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2022-34884
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-34884
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202301-2379
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34884
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2022-34884
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34884
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-012569 // CNNVD: CNNVD-202301-2379 // NVD: CVE-2022-34884 // NVD: CVE-2022-34884

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-012569 // NVD: CVE-2022-34884

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-2379

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202301-2379

PATCH

title:	LEN-87734	url:	https://support.lenovo.com/us/en/product_security/LEN-87734	Trust: 0.8
title:	Lenovo XClarity Controller Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=224342	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-34884	Trust: 0.1

sources: VULMON: CVE-2022-34884 // JVNDB: JVNDB-2022-012569 // CNNVD: CNNVD-202301-2379

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34884	Trust: 3.3
db:	LENOVO	id:	LEN-87734	Trust: 1.7
db:	JVNDB	id:	JVNDB-2022-012569	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-2379	Trust: 0.6
db:	VULMON	id:	CVE-2022-34884	Trust: 0.1

sources: VULMON: CVE-2022-34884 // JVNDB: JVNDB-2022-012569 // CNNVD: CNNVD-202301-2379 // NVD: CVE-2022-34884

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-87734	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34884	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34884/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-34884	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-34884 // JVNDB: JVNDB-2022-012569 // CNNVD: CNNVD-202301-2379 // NVD: CVE-2022-34884

SOURCES

db:	VULMON	id:	CVE-2022-34884
db:	JVNDB	id:	JVNDB-2022-012569
db:	CNNVD	id:	CNNVD-202301-2379
db:	NVD	id:	CVE-2022-34884

LAST UPDATE DATE

2024-08-14T15:00:33.521000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-34884	date:	2023-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2022-012569	date:	2023-08-31T03:30:00
db:	CNNVD	id:	CNNVD-202301-2379	date:	2023-02-09T00:00:00
db:	NVD	id:	CVE-2022-34884	date:	2023-02-08T22:17:00.907

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-34884	date:	2023-01-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-012569	date:	2023-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202301-2379	date:	2023-01-30T00:00:00
db:	NVD	id:	CVE-2022-34884	date:	2023-01-30T22:15:11.770