Details of VAR-202301-2330

ID

VAR-202301-2330

CVE

CVE-2022-34888

TITLE

plural Lenovo Improper Comparison Vulnerability in Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-012565

DESCRIPTION

The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. plural Lenovo An improper comparison vulnerability exists in the product.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2022-34888 // JVNDB: JVNDB-2022-012565 // VULMON: CVE-2022-34888

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinksystem sr850	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx7521	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx2321	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx2720-e	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3530-h	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem st250 v2	scope:	lt	version:	1.96_tgbt34x	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd530	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem st250	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3720	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr258 v2	scope:	lt	version:	1.96_tgbt34x	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr650 v2	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3721	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3321	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1021	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinksystem st550	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr665	scope:	lt	version:	4.10_d8bt38l	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr150	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr250	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3531-f	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3376	scope:	lt	version:	4.10_d8bt38l	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx 2u4n	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3530 f	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7520 n	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3531 h	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr670 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7531	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx5530	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3320	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sn850	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx1021	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr645	scope:	lt	version:	4.10_d8bt38l	Trust: 1.0
vendor:	lenovo	model:	thinksystem st258 v2	scope:	lt	version:	1.96_tgbt34x	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx 4u	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx5521-c	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sn550 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7520	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem st650 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3330-h	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr590	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3331-f	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr630	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx1320	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr850p	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr158	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3520-g	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7320 n	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx5520	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx7820	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinksystem sn550	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr650	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr860	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3375	scope:	lt	version:	4.10_d8bt38l	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx2320	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx5520	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd650 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr570	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx2320-e	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1520-r	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3320	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3521-g	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr550	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7820	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx7821	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3520-g	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr950	scope:	lt	version:	2.50_psi346l	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx1020	scope:	lte	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1320	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx5521	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3530-g	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1321	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd650-n v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr670	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3331-h	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr860 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinksystem st258	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem st658 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr850 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx3720	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkstation p920	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx5520-c	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx enclosure certified node	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7330	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx7530	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr250 v2	scope:	lt	version:	1.96_tgbt34x	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd630 v2	scope:	lt	version:	2.00_tgbt36o	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3331	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr530	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx 1se certified node	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr630 v2	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1521-r	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile mx3330-f	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinksystem sd650 dwc	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx2330	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkagile vx3330	scope:	lt	version:	1.80_afbt20n	Trust: 1.0
vendor:	lenovo	model:	thinkedge se450	scope:	lt	version:	1.10_usx304w	Trust: 1.0
vendor:	lenovo	model:	thinksystem se350	scope:	lt	version:	3.60_tei386m	Trust: 1.0
vendor:	lenovo	model:	thinksystem sr258	scope:	lt	version:	5.20_tei3c8m	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx7520	scope:	lt	version:	8.40-cdi394n	Trust: 1.0
vendor:	lenovo	model:	thinkagile hx1520-r	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx1521-r	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx1321	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx2320-e	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx2720-e	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile vx3331	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx enclosure certified node	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx1021	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx1320	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	thinkagile hx2321	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-012565 // NVD: CVE-2022-34888

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34888
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2022-34888
value:	LOW
Trust: 1.0
NVD:	CVE-2022-34888
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202301-2376
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-34888
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2022-34888
baseSeverity:	LOW
baseScore:	2.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.2
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34888
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-012565 // CNNVD: CNNVD-202301-2376 // NVD: CVE-2022-34888 // NVD: CVE-2022-34888

PROBLEMTYPE DATA

problemtype:	CWE-697	Trust: 1.0
problemtype:	CWE-184	Trust: 1.0
problemtype:	Inappropriate comparison (CWE-697) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-012565 // NVD: CVE-2022-34888

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-2376

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-2376

PATCH

title:	LEN-87734	url:	https://support.lenovo.com/us/en/product_security/LEN-87734	Trust: 0.8
title:	Lenovo XClarity Controller Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=223622	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-34888	Trust: 0.1

sources: VULMON: CVE-2022-34888 // JVNDB: JVNDB-2022-012565 // CNNVD: CNNVD-202301-2376

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34888	Trust: 3.3
db:	LENOVO	id:	LEN-87734	Trust: 1.7
db:	JVNDB	id:	JVNDB-2022-012565	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-2376	Trust: 0.6
db:	VULMON	id:	CVE-2022-34888	Trust: 0.1

sources: VULMON: CVE-2022-34888 // JVNDB: JVNDB-2022-012565 // CNNVD: CNNVD-202301-2376 // NVD: CVE-2022-34888

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-87734	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34888	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-34888/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-34888	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-34888 // JVNDB: JVNDB-2022-012565 // CNNVD: CNNVD-202301-2376 // NVD: CVE-2022-34888

SOURCES

db:	VULMON	id:	CVE-2022-34888
db:	JVNDB	id:	JVNDB-2022-012565
db:	CNNVD	id:	CNNVD-202301-2376
db:	NVD	id:	CVE-2022-34888

LAST UPDATE DATE

2024-08-14T15:00:33.556000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-34888	date:	2023-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2022-012565	date:	2023-08-31T02:42:00
db:	CNNVD	id:	CNNVD-202301-2376	date:	2023-02-09T00:00:00
db:	NVD	id:	CVE-2022-34888	date:	2023-02-08T22:18:21.590

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-34888	date:	2023-01-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-012565	date:	2023-08-31T00:00:00
db:	CNNVD	id:	CNNVD-202301-2376	date:	2023-01-30T00:00:00
db:	NVD	id:	CVE-2022-34888	date:	2023-01-30T22:15:11.960