CVE-2022-34888
moderate-risk
Published 2023-01-30
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.
Do I need to act?
-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.7/10
Low
NETWORK
/ LOW complexity
Affected Products (20)
Thinkagile Vx3331 Firmware
Thinkagile Hx Enclosure Certified Node Firmware
Thinkagile Hx1021 Firmware
Thinkagile Hx1320 Firmware
Thinkagile Hx1321 Firmware
Thinkagile Hx1520-R Firmware
Thinkagile Hx1521-R Firmware
Thinkagile Hx2320-E Firmware
Thinkagile Hx2321 Firmware
Thinkagile Hx2720-E Firmware
Thinkagile Hx3320 Firmware
Thinkagile Hx3321 Firmware
Thinkagile Hx3375 Firmware
Thinkagile Hx3376 Firmware
Thinkagile Hx3520-G Firmware
Thinkagile Hx3521-G Firmware
Thinkagile Hx3720 Firmware
Thinkagile Hx3721 Firmware
Thinkagile Hx5520 Firmware
Thinkagile Hx5520-C Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-87734
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-87734
45
/ 100
moderate-risk
Severity
14/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
30/34 · Critical