PT-2022-3667 · Lenovo · Lenovo Thinkedge+3

Published: 2022-07-13 · Updated: 2023-02-08 · CVE-2022-34888

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Lenovo ThinkSystem (affected versions not specified)
Lenovo ThinkStation (affected versions not specified)
Lenovo ThinkEdge (affected versions not specified)
Lenovo ThinkAgile (affected versions not specified)
Description

A buffer overflow in the Remote Presence subsystem of the affected Lenovo software can potentially allow a remote attacker to elevate their privileges. Additionally, the Remote Mount feature can be abused by authenticated users to reach internal services that are not normally accessible, although the access controls of those internal services remain in effect.
Recommendations

For Lenovo ThinkSystem, update to a version that fixes the buffer overflow issue in the Remote Presence subsystem.
For Lenovo ThinkStation, restrict access to the Remote Mount feature to prevent abuse by authenticated users.
For Lenovo ThinkEdge, consider disabling the Remote Mount feature until a patch is available to prevent potential exploitation.
For Lenovo ThinkAgile, apply internal service access controls to minimize the risk of unauthorized access to internal services.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management
Incomplete List of Disallowed Inputs

Related Identifiers

BDU:2022-04454
CVE-2022-34888

Affected Products

Lenovo Thinkagile
Lenovo Thinkedge
Lenovo Thinkstation
Lenovo Thinksystem