Lucene search
LenovoCVE-2022-3700HistoryOct 27, 2023 - 8:15 p.m.
CVE-2022-3700
2023-10-2720:15:08
CWE-367
lenovo
web.nvd.nist.gov
10
cve-2022-3700
time of check time of use
toctou
lenovo vantage
systemupdate plugin
nvd
local attacker
file deletion
CVSS3
6.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
6.2
Confidence
High
EPSS
0
Percentile
5.1%
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.
Affected configurations
Node
lenovosystem_update_pluginRange<2.0.0.213lenovo_vantage
Node
lenovohardware_scan_pluginRange<1.3.1.2lenovo_vantage
Node
lenovohardware_scan_addinRange<2.4.1.1lenovo_vantage
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lenovo | system_update_plugin | * | cpe:2.3:a:lenovo:system_update_plugin:*:*:*:*:*:lenovo_vantage:*:* |
| lenovo | hardware_scan_plugin | * | cpe:2.3:a:lenovo:hardware_scan_plugin:*:*:*:*:*:lenovo_vantage:*:* |
| lenovo | hardware_scan_addin | * | cpe:2.3:a:lenovo:hardware_scan_addin:*:*:*:*:*:lenovo_vantage:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Vantage SystemUpdate Plugin",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "2.0.0.213",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2022-3700
2023-10-27 20:15:08
vulnrichment
vulnrichment
CVE-2022-3700
2023-10-27 19:32:04
prion
prion
Code injection
2023-10-27 20:15:00
cvelist
cvelist
CVE-2022-3700
2023-10-27 19:32:04
CVSS3
6.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
6.2
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVE-2022-3700