CVE-2022-3429 - OpenCVE

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	G263dns G263dns Firmware Gm266dns Firmware Gm266dns Gm265dn Firmware Gm265dn

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:gm265dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:gm265dn:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:gm266dns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:gm266dns:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:g263dns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g263dns:-:*:*:*:*:*:*:*

References

Link	Resource
https://iknow.lenovo.com.cn/detail/205041.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-27T18:57:50.748Z

Updated: 2023-10-27T18:57:50.748Z

Reserved: 2022-10-07T18:54:30.917Z

Link: CVE-2022-3429

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-27T19:15:41.080

Modified: 2023-11-07T16:47:31.723

Link: CVE-2022-3429

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-3429", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2022-10-07T18:54:30.917Z", "datePublished": "2023-10-27T18:57:50.748Z", "dateUpdated": "2023-10-27T18:57:50.748Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Printer GM265DN (production date June 2022 and before)", "vendor": "Lenovo", "versions": [{"lessThan": "01.00.20N", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer GM265DN (production date July 2022 and later)", "vendor": "Lenovo", "versions": [{"lessThan": " 01.17.00.03.00", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer GM266DNS", "vendor": "Lenovo", "versions": [{"lessThan": "02.06.00.04.00", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer G263DNS", "vendor": "Lenovo", "versions": [{"lessThan": "02.06.00.04.00", "status": "affected", "version": " ", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly."}], "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-27T18:57:50.748Z"}, "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of LEN-101969 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>."}], "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html ."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:gm265dn_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "02BBC764-0C8F-4CE6-A5FB-EDEE1CD6E7DD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:gm265dn:-:*:*:*:*:*:*:*", "matchCriteriaId": "45743A19-7FFA-4536-A174-92675A021F2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:gm266dns_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "244656B9-B396-4CAE-A44E-E2A1A2CD4CFD", "versionEndExcluding": "02.06.00.04.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:gm266dns:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F722BE7-3F04-4F14-AFED-7721699396E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g263dns_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7134EF9E-FED9-4866-9260-07FAF0C9DE31", "versionEndExcluding": "02.06.00.04.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:g263dns:-:*:*:*:*:*:*:*", "matchCriteriaId": "72AA6E25-1657-4D37-B620-45B6D667C70D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en el firmware utilizado en las impresoras Lenovo, donde los usuarios env\u00edan cadenas ilegales o con formato incorrecto a un puerto abierto, lo que desencadena una Denegaci\u00f3n de Servicio (DoS) que provoca un error de visualizaci\u00f3n e impide que la impresora funcione correctamente."}], "id": "CVE-2022-3429", "lastModified": "2023-11-07T16:47:31.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2023-10-27T19:15:41.080", "references": [{"source": "psirt@lenovo.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}