CVE-2022-34884
high-risk
Published 2023-01-30
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.
Do I need to act?
-
0.58% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Thinkagile Vx3331 Firmware
Thinkagile Hx Enclosure Certified Node Firmware
Thinkagile Hx1021 Firmware
Thinkagile Hx1320 Firmware
Thinkagile Hx1321 Firmware
Thinkagile Hx1520-R Firmware
Thinkagile Hx1521-R Firmware
Thinkagile Hx2320-E Firmware
Thinkagile Hx2321 Firmware
Thinkagile Hx2720-E Firmware
Thinkagile Hx3320 Firmware
Thinkagile Hx3321 Firmware
Thinkagile Hx3375 Firmware
Thinkagile Hx3376 Firmware
Thinkagile Hx3520-G Firmware
Thinkagile Hx3521-G Firmware
Thinkagile Hx3720 Firmware
Thinkagile Hx3721 Firmware
Thinkagile Hx5520 Firmware
Thinkagile Hx5520-C Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-87734
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-87734
58
/ 100
high-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
30/34 · Critical