Unauthorized Access in Lenovo Printers Configuration
CVE-2022-34887

4.3MEDIUM

Key Information:

Vendor: Lenovo
Status: Printer Gm265dn (production Date June 2022 And Before); Printer Gm265dn (production Date July 2022 And Later); Printer Gm266dns; Printer G263dns
Vendor: CVE Published:; 27 October 2023

What is CVE-2022-34887?

Standard users have the capability to directly manipulate and configure printer settings, including IP addresses, on specific Lenovo Printers without requiring administrator authentication. This exposes the printers to potential unauthorized access and configuration manipulation, posing a significant security risk for network integrity and data protection.

Affected Version(s)

Printer G263DNS < 02.06.00.04.00

Printer GM265DN (production date July 2022 and later)

Printer GM265DN (production date June 2022 and before) < 01.00.20N

References

https://iknow.lenovo.com.cn/detail/205041.html

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Jun 30, 2022