Lucene search
HistoryOct 27, 2023 - 8:15 p.m.
CVE-2022-3700
lenovo vantage
system update plugin
toctou
vulnerability
local attacker
delete files
CVSS3
6.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
0
Percentile
5.1%
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.
Affected configurations
Node
lenovosystem_update_pluginRange<2.0.0.213lenovo_vantage
Node
lenovohardware_scan_pluginRange<1.3.1.2lenovo_vantage
Node
lenovohardware_scan_addinRange<2.4.1.1lenovo_vantage
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lenovo | system_update_plugin | * | cpe:2.3:a:lenovo:system_update_plugin:*:*:*:*:*:lenovo_vantage:*:* |
| lenovo | hardware_scan_plugin | * | cpe:2.3:a:lenovo:hardware_scan_plugin:*:*:*:*:*:lenovo_vantage:*:* |
| lenovo | hardware_scan_addin | * | cpe:2.3:a:lenovo:hardware_scan_addin:*:*:*:*:*:lenovo_vantage:*:* |
Related
cve
cve
CVE-2022-3700
2023-10-27 20:15:08
vulnrichment
vulnrichment
CVE-2022-3700
2023-10-27 19:32:04
prion
prion
Code injection
2023-10-27 20:15:00
cvelist
cvelist
CVE-2022-3700
2023-10-27 19:32:04
CVSS3
6.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2022-3700