CVE-2022-34884 | ByteOS Network

Vulnerability Details :

CVE-2022-34884

Assigner-lenovo

Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b

Published At-30 Jan, 2023 | 21:32

Updated At-27 Mar, 2025 | 15:19

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:lenovo

Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b

Published At:30 Jan, 2023 | 21:32

Updated At:27 Mar, 2025 | 15:19

▼CVE Numbering Authority (CNA)

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.

Affected Products

Vendor

Lenovo Group Limited

Product

Lenovo XClarity Controller

Default Status

unaffected

Versions

Affected

various

Problem Types

Type	CWE ID	Description
CWE	CWE-121	CWE-121: Stack-based Buffer Overflow

Type: CWE

CWE ID: CWE-121

Description: CWE-121: Stack-based Buffer Overflow

Metrics

Version	Base score	Base severity	Vector
3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Solutions

Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section in LEN-87734.

References

Hyperlink	Resource
https://support.lenovo.com/us/en/product_security/LEN-87734	N/A

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-87734

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://support.lenovo.com/us/en/product_security/LEN-87734	x_transferred

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-87734

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:psirt@lenovo.com

Published At:30 Jan, 2023 | 22:15

Updated At:08 Feb, 2023 | 22:17

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Lenovo Group Limited

>>thinkagile_vx3331>>-

cpe:2.3:h:lenovo:thinkagile_vx3331:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_vx3331_firmware>>Versions before 1.80_afbt20n(exclusive)

cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx_enclosure_certified_node>>-

cpe:2.3:h:lenovo:thinkagile_hx_enclosure_certified_node:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx_enclosure_certified_node_firmware>>Versions before 5.20_tei3c8m(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1021>>-

cpe:2.3:h:lenovo:thinkagile_hx1021:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1021_firmware>>Versions before 3.60_tei386m(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1021_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1320>>-

cpe:2.3:h:lenovo:thinkagile_hx1320:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1320_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1320_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1321>>-

cpe:2.3:h:lenovo:thinkagile_hx1321:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1321_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1321_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1520-r>>-

cpe:2.3:h:lenovo:thinkagile_hx1520-r:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1520-r_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1520-r_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1521-r>>-

cpe:2.3:h:lenovo:thinkagile_hx1521-r:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx1521-r_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx1521-r_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2320-e>>-

cpe:2.3:h:lenovo:thinkagile_hx2320-e:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2320-e_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx2320-e_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2321_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx2321_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2321>>-

cpe:2.3:h:lenovo:thinkagile_hx2321:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2720-e_firmware>>Versions before 5.20_tei3c8m(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx2720-e_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx2720-e>>-

cpe:2.3:h:lenovo:thinkagile_hx2720-e:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3320_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3320_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3320>>-

cpe:2.3:h:lenovo:thinkagile_hx3320:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3321_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3321_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3321>>-

cpe:2.3:h:lenovo:thinkagile_hx3321:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3375_firmware>>Versions before 4.10_d8bt38l(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3375_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3375>>-

cpe:2.3:h:lenovo:thinkagile_hx3375:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3376_firmware>>Versions before 4.10_d8bt38l(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3376>>-

cpe:2.3:h:lenovo:thinkagile_hx3376:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3520-g_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3520-g_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3520-g>>-

cpe:2.3:h:lenovo:thinkagile_hx3520-g:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3521-g_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3521-g_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3521-g>>-

cpe:2.3:h:lenovo:thinkagile_hx3521-g:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3720_firmware>>Versions before 5.20_tei3c8m(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3720_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3720>>-

cpe:2.3:h:lenovo:thinkagile_hx3720:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3721_firmware>>Versions before 5.20_tei3c8m(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx3721_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx3721>>-

cpe:2.3:h:lenovo:thinkagile_hx3721:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5520_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx5520_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5520>>-

cpe:2.3:h:lenovo:thinkagile_hx5520:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5520-c_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx5520-c_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5520-c>>-

cpe:2.3:h:lenovo:thinkagile_hx5520-c:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5521_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx5521_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5521>>-

cpe:2.3:h:lenovo:thinkagile_hx5521:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5521-c>>-

cpe:2.3:h:lenovo:thinkagile_hx5521-c:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx5521-c_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx5521-c_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx7520_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx7520_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx7520>>-

cpe:2.3:h:lenovo:thinkagile_hx7520:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx7521_firmware>>Versions before 8.40-cdi394n(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx7521_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx7521>>-

cpe:2.3:h:lenovo:thinkagile_hx7521:-:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx7820_firmware>>Versions before 2.50_psi346l(exclusive)

cpe:2.3:o:lenovo:thinkagile_hx7820_firmware:*:*:*:*:*:*:*:*

Lenovo Group Limited

>>thinkagile_hx7820>>-

cpe:2.3:h:lenovo:thinkagile_hx7820:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-121	Secondary	psirt@lenovo.com

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-121

Type: Secondary

Source: psirt@lenovo.com

References

Hyperlink	Source	Resource
https://support.lenovo.com/us/en/product_security/LEN-87734	psirt@lenovo.com	Vendor Advisory

Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-87734

Source: psirt@lenovo.com

Resource:

Vendor Advisory