CVE-2022-34887 - Vulnerability Details - OpenCVE

Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00086.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	G263dns G263dns Firmware Gm265dn Gm265dn Firmware Gm266dns Gm266dns Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:gm265dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:gm265dn:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:gm266dns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:gm266dns:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:g263dns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g263dns:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-37791	Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.

Fixes

Solution

Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of LEN-101969 - https://iknow.lenovo.com.cn/detail/205041.html .

Workaround

No workaround given by the vendor.

References

Link	Providers
https://iknow.lenovo.com.cn/detail/205041.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-27T18:48:18.668Z

Updated: 2024-09-09T19:33:35.149Z

Reserved: 2022-06-30T19:42:17.792Z

Link: CVE-2022-34887

Vulnrichment

Updated: 2024-08-03T09:22:10.725Z

NVD

Status : Modified

Published: 2023-10-27T19:15:40.997

Modified: 2024-11-21T07:10:22.640

Link: CVE-2022-34887

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-34887", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2022-06-30T19:42:17.792Z", "datePublished": "2023-10-27T18:48:18.668Z", "dateUpdated": "2024-09-09T19:33:35.149Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Printer GM265DN (production date June 2022 and before)", "vendor": "Lenovo", "versions": [{"lessThan": "01.00.20N", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer GM265DN (production date July 2022 and later)", "vendor": "Lenovo", "versions": [{"lessThan": " 01.17.00.03.00", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer GM266DNS", "vendor": "Lenovo", "versions": [{"lessThan": "02.06.00.04.00", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer G263DNS", "vendor": "Lenovo", "versions": [{"lessThan": "02.06.00.04.00", "status": "affected", "version": " ", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password."}], "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-27T18:49:44.619Z"}, "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of LEN-101969 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>."}], "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html ."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:22:10.725Z"}, "title": "CVE Program Container", "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-09T19:28:22.966541Z", "id": "CVE-2022-34887", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:33:35.149Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:22:10.725Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-34887", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-09T19:28:22.966541Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T19:33:28.995Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "Printer GM265DN (production date June 2022 and before)", "versions": [{"status": "affected", "version": " ", "lessThan": "01.00.20N", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Printer GM265DN (production date July 2022 and later)", "versions": [{"status": "affected", "version": " ", "lessThan": " 01.17.00.03.00", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Printer GM266DNS", "versions": [{"status": "affected", "version": " ", "lessThan": "02.06.00.04.00", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Printer G263DNS", "versions": [{"status": "affected", "version": " ", "lessThan": "02.06.00.04.00", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html .", "supportingMedia": [{"type": "text/html", "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of LEN-101969 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>.", "base64": false}]}], "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.", "supportingMedia": [{"type": "text/html", "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-27T18:49:44.619Z"}}}, "cveMetadata": {"cveId": "CVE-2022-34887", "state": "PUBLISHED", "dateUpdated": "2024-09-09T19:33:35.149Z", "dateReserved": "2022-06-30T19:42:17.792Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2023-10-27T18:48:18.668Z", "assignerShortName": "lenovo"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:gm265dn_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "02BBC764-0C8F-4CE6-A5FB-EDEE1CD6E7DD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:gm265dn:-:*:*:*:*:*:*:*", "matchCriteriaId": "45743A19-7FFA-4536-A174-92675A021F2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:gm266dns_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "244656B9-B396-4CAE-A44E-E2A1A2CD4CFD", "versionEndExcluding": "02.06.00.04.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:gm266dns:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F722BE7-3F04-4F14-AFED-7721699396E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g263dns_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7134EF9E-FED9-4866-9260-07FAF0C9DE31", "versionEndExcluding": "02.06.00.04.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:g263dns:-:*:*:*:*:*:*:*", "matchCriteriaId": "72AA6E25-1657-4D37-B620-45B6D667C70D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password."}, {"lang": "es", "value": "Los usuarios est\u00e1ndar pueden operar y configurar directamente la informaci\u00f3n de configuraci\u00f3n de la impresora, como IP, en algunas impresoras Lenovo sin tener que autenticarse con la contrase\u00f1a de administrador."}], "id": "CVE-2022-34887", "lastModified": "2024-11-21T07:10:22.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-27T19:15:40.997", "references": [{"source": "psirt@lenovo.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/205041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}