CVE-2022-34887 - OpenCVE

Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	G263dns G263dns Firmware Gm266dns Firmware Gm266dns Gm265dn Firmware Gm265dn

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:gm265dn_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:gm265dn:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:gm266dns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:gm266dns:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:g263dns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g263dns:-:*:*:*:*:*:*:*

References

Link	Resource
https://iknow.lenovo.com.cn/detail/205041.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-27T18:48:18.668Z

Updated: 2023-10-27T18:49:44.619Z

Reserved: 2022-06-30T19:42:17.792Z

Link: CVE-2022-34887

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-27T19:15:40.997

Modified: 2023-11-07T16:45:18.983

Link: CVE-2022-34887

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-34887", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2022-06-30T19:42:17.792Z", "datePublished": "2023-10-27T18:48:18.668Z", "dateUpdated": "2023-10-27T18:49:44.619Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Printer GM265DN (production date June 2022 and before)", "vendor": "Lenovo", "versions": [{"lessThan": "01.00.20N", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer GM265DN (production date July 2022 and later)", "vendor": "Lenovo", "versions": [{"lessThan": " 01.17.00.03.00", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer GM266DNS", "vendor": "Lenovo", "versions": [{"lessThan": "02.06.00.04.00", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Printer G263DNS", "vendor": "Lenovo", "versions": [{"lessThan": "02.06.00.04.00", "status": "affected", "version": " ", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password."}], "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-27T18:49:44.619Z"}, "references": [{"url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of LEN-101969 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>."}], "value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html ."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:gm265dn_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "02BBC764-0C8F-4CE6-A5FB-EDEE1CD6E7DD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:gm265dn:-:*:*:*:*:*:*:*", "matchCriteriaId": "45743A19-7FFA-4536-A174-92675A021F2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:gm266dns_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "244656B9-B396-4CAE-A44E-E2A1A2CD4CFD", "versionEndExcluding": "02.06.00.04.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:gm266dns:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F722BE7-3F04-4F14-AFED-7721699396E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:g263dns_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7134EF9E-FED9-4866-9260-07FAF0C9DE31", "versionEndExcluding": "02.06.00.04.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:g263dns:-:*:*:*:*:*:*:*", "matchCriteriaId": "72AA6E25-1657-4D37-B620-45B6D667C70D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password."}, {"lang": "es", "value": "Los usuarios est\u00e1ndar pueden operar y configurar directamente la informaci\u00f3n de configuraci\u00f3n de la impresora, como IP, en algunas impresoras Lenovo sin tener que autenticarse con la contrase\u00f1a de administrador."}], "id": "CVE-2022-34887", "lastModified": "2023-11-07T16:45:18.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2023-10-27T19:15:40.997", "references": [{"source": "psirt@lenovo.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/205041.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "psirt@lenovo.com", "type": "Primary"}]}