Lucene search

[email protected]NVD:CVE-2022-0353

HistoryOct 25, 2023 - 6:16 p.m.

CVE-2022-0353

2023-10-2518:16:54

CWE-400

[email protected]

web.nvd.nist.gov

lenovo

hardwarescanplugin

diagnostics

denial of service

system crash

local user

administrative access

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.6

Confidence

High

EPSS

Percentile

5.1%

JSON

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to

1.3.1.2

and

Lenovo Diagnostics versions prior to 4.45

that could allow a local user with administrative access to trigger a system crash.

Affected configurations

Nvd

Node

lenovodiagnosticsRange<4.45.0

lenovohardwarescan_addinRange<2.4.1.1

lenovohardwarescan_pluginRange<1.3.1.2

VendorProductVersionCPE
lenovodiagnostics*cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*
lenovohardwarescan_addin*cpe:2.3:a:lenovo:hardwarescan_addin:*:*:*:*:*:*:*:*
lenovohardwarescan_plugin*cpe:2.3:a:lenovo:hardwarescan_plugin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lenovo	diagnostics	*	cpe:2.3:a:lenovo:diagnostics::::::::
lenovo	hardwarescan_addin	*	cpe:2.3:a:lenovo:hardwarescan_addin::::::::
lenovo	hardwarescan_plugin	*	cpe:2.3:a:lenovo:hardwarescan_plugin::::::::

References

support.lenovo.com/us/en/product_security/LEN-102365

support.lenovo.com/us/en/product_security/LEN-94532

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-0353

vulnrichment1 cve1 cvelist1 prion1