Lucene search

LenovoCVELIST:CVE-2022-3698

HistoryOct 24, 2023 - 8:40 p.m.

CVE-2022-3698

2023-10-2420:40:56

CWE-400

lenovo

www.cve.org

cve-2022-3698

vulnerability

lenovo

hardwarescanplugin

diagnostics

local user

administrative access

system crash

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.9

Confidence

High

EPSS

Percentile

5.1%

JSON

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to

1.3.1.2

and

Lenovo Diagnostics versions prior to 4.45

that could allow a local user with administrative access to trigger a system crash.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HardwareScanPlugin ",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "1.3.1.2",
        "status": "affected",
        "version": " ",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Diagnostics",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "4.45",
        "status": "affected",
        "version": " ",
        "versionType": "custom"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-102365

support.lenovo.com/us/en/product_security/LEN-94532

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-3698