CVE-2022-3429 - Vulnerability Details - OpenCVE

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00078.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	G263dns G263dns Firmware Gm265dn Gm265dn Firmware Gm266dns Gm266dns Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:gm265dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:gm265dn:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:gm266dns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:gm266dns:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:g263dns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g263dns:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-42805	A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

Fixes

Solution

Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of LEN-101969 - https://iknow.lenovo.com.cn/detail/205041.html .

Workaround

No workaround given by the vendor.

References

Link	Providers
https://iknow.lenovo.com.cn/detail/205041.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-27T18:57:50.748Z

Updated: 2024-09-09T19:33:08.586Z

Reserved: 2022-10-07T18:54:30.917Z

Link: CVE-2022-3429

Vulnrichment

Updated: 2024-08-03T01:07:06.548Z

NVD

Status : Modified

Published: 2023-10-27T19:15:41.080

Modified: 2024-11-21T07:19:29.717

Link: CVE-2022-3429

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3429", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2022-10-07T18:54:30.917Z", "datePublished": "2023-10-27T18:57:50.748Z", "dateUpdated": "2024-09-09T19:33:08.586Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Printer GM265DN (production date June 2022 and before)", "vendor": "Lenovo", "versions": [{"lessThan": "01.00.20N", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer GM265DN (production date July 2022 and later)", "vendor": "Lenovo", "versions": [{"lessThan": " 01.17.00.03.00", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer GM266DNS", "vendor": "Lenovo", "versions": [{"lessThan": "02.06.00.04.00", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer G263DNS", "vendor": "Lenovo", "versions": [{"lessThan": "02.06.00.04.00", "status": "affected", "version": " ", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly."}], "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-27T18:57:50.748Z"}, "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of LEN-101969 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>."}], "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html ."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.548Z"}, "title": "CVE Program Container", "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T19:28:10.318322Z", "id": "CVE-2022-3429", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:33:08.586Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.548Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3429", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T19:28:10.318322Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:33:00.749Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "Printer GM265DN (production date June 2022 and before)", "versions": [{"status": "affected", "version": " ", "lessThan": "01.00.20N", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Printer GM265DN (production date July 2022 and later)", "versions": [{"status": "affected", "version": " ", "lessThan": " 01.17.00.03.00", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Printer GM266DNS", "versions": [{"status": "affected", "version": " ", "lessThan": "02.06.00.04.00", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Printer G263DNS", "versions": [{"status": "affected", "version": " ", "lessThan": "02.06.00.04.00", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html .", "supportingMedia": [{"type": "text/html", "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of LEN-101969 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>.", "base64": false}]}], "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.", "supportingMedia": [{"type": "text/html", "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-27T18:57:50.748Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3429", "state": "PUBLISHED", "dateUpdated": "2024-09-09T19:33:08.586Z", "dateReserved": "2022-10-07T18:54:30.917Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2023-10-27T18:57:50.748Z", "assignerShortName": "lenovo"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:gm265dn_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "02BBC764-0C8F-4CE6-A5FB-EDEE1CD6E7DD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:gm265dn:-:*:*:*:*:*:*:*", "matchCriteriaId": "45743A19-7FFA-4536-A174-92675A021F2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:gm266dns_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "244656B9-B396-4CAE-A44E-E2A1A2CD4CFD", "versionEndExcluding": "02.06.00.04.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:gm266dns:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F722BE7-3F04-4F14-AFED-7721699396E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g263dns_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7134EF9E-FED9-4866-9260-07FAF0C9DE31", "versionEndExcluding": "02.06.00.04.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:g263dns:-:*:*:*:*:*:*:*", "matchCriteriaId": "72AA6E25-1657-4D37-B620-45B6D667C70D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en el firmware utilizado en las impresoras Lenovo, donde los usuarios env\u00edan cadenas ilegales o con formato incorrecto a un puerto abierto, lo que desencadena una Denegaci\u00f3n de Servicio (DoS) que provoca un error de visualizaci\u00f3n e impide que la impresora funcione correctamente."}], "id": "CVE-2022-3429", "lastModified": "2024-11-21T07:19:29.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-27T19:15:41.080", "references": [{"source": "psirt@lenovo.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/205041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@lenovo.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}