Lucene search

[email protected]CVE-2022-3702

HistoryOct 27, 2023 - 8:15 p.m.

CVE-2022-3702

2023-10-2720:15:08

CWE-367

[email protected]

web.nvd.nist.gov

cve-2022-3702

denial of service

vulnerability

lenovo vantage

hardwarescan plugin

local attacker

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.

Affected configurations

NVD

Node

lenovosystem_update_pluginRange<2.0.0.213lenovo_vantage

Node

lenovohardware_scan_pluginRange<1.3.1.2lenovo_vantage

Node

lenovohardware_scan_addinRange<2.4.1.1lenovo_vantage

CPENameOperatorVersion
lenovo:system_update_pluginlenovo system update pluginlt2.0.0.213

CPE	Name	Operator	Version
lenovo:system_update_plugin	lenovo system update plugin	lt	2.0.0.213

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vantage HardwareScan Plugin",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "1.3.1.2",
        "status": "affected",
        "version": " ",
        "versionType": "custom"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-94532

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-3702

prion1 nvd1 cvelist1