CVE-2022-34888

Name: CVE-2022-34888
Creator: NVD / NIST
Published: 2023-01-30T22:15:11.96+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.3/10EPSS 0.41%

Last modified Jun 17, 2026

CVE-2022-34888 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.

Metrics

CVSS 3.1

4.3/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.41%

33.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Lenovo	Thinkagile Vx3331 Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Hx Enclosure Certified Node Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Hx1021 Firmware	< 3.60_tei386m
Lenovo	Thinkagile Hx1320 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx1321 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx1520-R Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx1521-R Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx2320-E Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx2321 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx2720-E Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Hx3320 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx3321 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx3375 Firmware	< 4.10_d8bt38l
Lenovo	Thinkagile Hx3376 Firmware	< 4.10_d8bt38l
Lenovo	Thinkagile Hx3520-G Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx3521-G Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx3720 Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Hx3721 Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Hx5520 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx5520-C Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx5521 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx5521-C Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx7520 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx7521 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Hx7820 Firmware	< 2.50_psi346l
Lenovo	Thinkagile Hx7821 Firmware	< 2.50_psi346l
Lenovo	Thinkagile Mx1020 Firmware	<= 3.60_tei386m
Lenovo	Thinkagile Mx3330-F Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Mx3330-H Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Mx3331-F Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Mx3331-H Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Mx3530 F Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Mx3530-H Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Mx3531-F Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Mx3531 H Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Mx1021 Firmware	< 3.60_tei386m
Lenovo	Thinkagile Vx 1se Certified Node Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Vx 2u4n Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Vx 4u Firmware	< 2.50_psi346l
Lenovo	Thinkagile Vx1320 Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Vx2320 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Vx2330 Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Vx3320 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Vx3330 Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Vx3520-G Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Vx3530-G Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Vx3720 Firmware	< 5.20_tei3c8m
Lenovo	Thinkagile Vx5520 Firmware	< 8.40-cdi394n
Lenovo	Thinkagile Vx5530 Firmware	< 1.80_afbt20n
Lenovo	Thinkagile Vx7320 N Firmware	< 8.40-cdi394n

Showing 50 of 98 affected configurations. See NVD for the full list.

References

https://support.lenovo.com/us/en/product_security/LEN-87734Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-87734Vendor Advisory

Timeline

Published: Jan 30, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-34888?

How severe is CVE-2022-34888?

CVE-2022-34888 has a CVSS score of 4.3/10 (MEDIUM severity). The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2022-34888?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-34888?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST