CVE-2022-34888

LOW

Remote Mount - SSRF

Title source: llm

Description

The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-87734

Scores

CVSS v3 2.7

EPSS 0.0024

EPSS Percentile 47.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-184 CWE-697

Status published

Products (50)

lenovo/thinkagile_hx1021_firmware < 3.60_tei386m

lenovo/thinkagile_hx1320_firmware < 8.40-cdi394n

lenovo/thinkagile_hx1321_firmware < 8.40-cdi394n

lenovo/thinkagile_hx1520-r_firmware < 8.40-cdi394n

lenovo/thinkagile_hx1521-r_firmware < 8.40-cdi394n

lenovo/thinkagile_hx2320-e_firmware < 8.40-cdi394n

lenovo/thinkagile_hx2321_firmware < 8.40-cdi394n

lenovo/thinkagile_hx2720-e_firmware < 5.20_tei3c8m

lenovo/thinkagile_hx3320_firmware < 8.40-cdi394n

lenovo/thinkagile_hx3321_firmware < 8.40-cdi394n

... and 40 more

Published Jan 30, 2023

Tracked Since Feb 18, 2026