Search criteria
13 vulnerabilities found for Diagnostics by Lenovo
VAR-202010-1492
Vulnerability from variot - Updated: 2023-12-18 13:42A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. Lenovo Diagnostics Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Diagnostics is a tool for scanning and diagnosing hardware failures of Lenovo computers. This tool can help users scan, check, and repair computer driver problems. Lenovo Diagnostics can also help users easily solve some blue screen and crash problems on the computer and repair them. It can scan and diagnose faults with one click
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "diagnostics",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "4.35.4"
},
{
"model": "diagnostics",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "diagnostics",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "4.35.4 less than"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"db": "NVD",
"id": "CVE-2020-8338"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.35.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8338"
}
]
},
"cve": "CVE-2020-8338",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2020-8338",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-186463",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-012168",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8338",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2020-8338",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-577",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186463",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-8338",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186463"
},
{
"db": "VULMON",
"id": "CVE-2020-8338"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"db": "NVD",
"id": "CVE-2020-8338"
},
{
"db": "NVD",
"id": "CVE-2020-8338"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. Lenovo Diagnostics Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Diagnostics is a tool for scanning and diagnosing hardware failures of Lenovo computers. This tool can help users scan, check, and repair computer driver problems. Lenovo Diagnostics can also help users easily solve some blue screen and crash problems on the computer and repair them. It can scan and diagnose faults with one click",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8338"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"db": "VULHUB",
"id": "VHN-186463"
},
{
"db": "VULMON",
"id": "CVE-2020-8338"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8338",
"trust": 2.6
},
{
"db": "LENOVO",
"id": "LEN-32702",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012168",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202010-577",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-57816",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-186463",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8338",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186463"
},
{
"db": "VULMON",
"id": "CVE-2020-8338"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"db": "NVD",
"id": "CVE-2020-8338"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
]
},
"id": "VAR-202010-1492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186463"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:42:45.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-32702",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/len-32702"
},
{
"title": "Lenovo Diagnostics Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131251"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.1
},
{
"problemtype": "Untrusted search path (CWE-426) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186463"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"db": "NVD",
"id": "CVE-2020-8338"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.lenovo.com/us/en/product_security/len-32702"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8338"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/426.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189757"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186463"
},
{
"db": "VULMON",
"id": "CVE-2020-8338"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"db": "NVD",
"id": "CVE-2020-8338"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186463"
},
{
"db": "VULMON",
"id": "CVE-2020-8338"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"db": "NVD",
"id": "CVE-2020-8338"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "VULHUB",
"id": "VHN-186463"
},
{
"date": "2020-10-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8338"
},
{
"date": "2021-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"date": "2020-10-14T22:15:13.513000",
"db": "NVD",
"id": "CVE-2020-8338"
},
{
"date": "2020-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-186463"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8338"
},
{
"date": "2021-04-26T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2020-012168"
},
{
"date": "2020-10-16T20:05:52.457000",
"db": "NVD",
"id": "CVE-2020-8338"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo\u00a0Diagnostics\u00a0 Untrusted search path vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012168"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-577"
}
],
"trust": 0.6
}
}
FKIE_CVE-2022-3699
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:20
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | diagnostics | * | |
| lenovo | hardwarescan_addin | * | |
| lenovo | hardwarescan_plugin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13DF3130-F2B6-4F16-A02A-0F5AD902F880",
"versionEndExcluding": "4.45.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:hardwarescan_addin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB39C52-5BBE-4734-B4A0-000CF11010B9",
"versionEndExcluding": "2.4.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:hardwarescan_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FFB47C-DB96-446E-A399-87FDC81F7290",
"versionEndExcluding": "1.3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u00a01.3.1.2 and\u00a0Lenovo Diagnostics prior to version 4.45\n\n\n\n that could allow a local user to execute code with elevated privileges."
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de escalada de privilegios en Lenovo HardwareScanPlugin antes de la versi\u00f3n 1.3.1.2 y Lenovo Diagnostics antes de la versi\u00f3n 4.45 que podr\u00eda permitir a un usuario local ejecutar c\u00f3digo con privilegios elevados."
}
],
"id": "CVE-2022-3699",
"lastModified": "2024-11-21T07:20:03.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:15.807",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-3698
Vulnerability from fkie_nvd - Published: 2023-10-25 18:17 - Updated: 2024-11-21 07:20
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | diagnostics | * | |
| lenovo | hardwarescan_plugin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13DF3130-F2B6-4F16-A02A-0F5AD902F880",
"versionEndExcluding": "4.45.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:hardwarescan_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FFB47C-DB96-446E-A399-87FDC81F7290",
"versionEndExcluding": "1.3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en las versiones Lenovo HardwareScanPlugin anteriores a 1.3.1.2 y Lenovo Diagnostics anteriores a 4.45 que podr\u00eda permitir que un usuario local con acceso administrativo desencadene un bloqueo del sistema."
}
],
"id": "CVE-2022-3698",
"lastModified": "2024-11-21T07:20:03.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:17:15.730",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-0353
Vulnerability from fkie_nvd - Published: 2023-10-25 18:16 - Updated: 2024-11-21 06:38
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | diagnostics | * | |
| lenovo | hardwarescan_addin | * | |
| lenovo | hardwarescan_plugin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13DF3130-F2B6-4F16-A02A-0F5AD902F880",
"versionEndExcluding": "4.45.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:hardwarescan_addin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB39C52-5BBE-4734-B4A0-000CF11010B9",
"versionEndExcluding": "2.4.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:hardwarescan_plugin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0FFB47C-DB96-446E-A399-87FDC81F7290",
"versionEndExcluding": "1.3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
},
{
"lang": "es",
"value": "Se inform\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en las versiones Lenovo HardwareScanPlugin anteriores a 1.3.1.2 y Lenovo Diagnostics anteriores a 4.45 que podr\u00eda permitir que un usuario local con acceso administrativo desencadene un bloqueo del sistema."
}
],
"id": "CVE-2022-0353",
"lastModified": "2024-11-21T06:38:26.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-25T18:16:54.057",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
},
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-8338
Vulnerability from fkie_nvd - Published: 2020-10-14 22:15 - Updated: 2024-11-21 05:38
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/us/en/product_security/LEN-32702 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/us/en/product_security/LEN-32702 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | diagnostics | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C438F57F-E4A9-49D6-B4E5-7EC386BC886D",
"versionEndExcluding": "4.35.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
},
{
"lang": "es",
"value": "Se report\u00f3 una vulnerabilidad en la ruta de b\u00fasqueda de DLL en Lenovo Diagnostics versiones anteriores a 4.35.4, que podr\u00eda permitir a un usuario con acceso local ejecutar c\u00f3digo en el sistema"
}
],
"id": "CVE-2020-8338",
"lastModified": "2024-11-21T05:38:44.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-14T22:15:13.513",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-3699 (GCVE-0-2022-3699)
Vulnerability from cvelistv5 – Published: 2023-10-24 20:48 – Updated: 2024-09-17 14:17
VLAI?
Summary
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | HardwareScanPlugin |
Affected:
, < 1.3.1.2
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Mike Alfaro at Nephosec for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:12:24.261476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:17:40.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HardwareScanPlugin ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.3.1.2",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.45",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Mike Alfaro at Nephosec for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics prior to version 4.45\u003c/span\u003e\n\n\u003c/span\u003e\n\n that could allow a local user to execute code with elevated privileges.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\nA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u00a01.3.1.2 and\u00a0Lenovo Diagnostics prior to version 4.45\n\n\n\n that could allow a local user to execute code with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:48:23.213Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3699",
"datePublished": "2023-10-24T20:48:23.213Z",
"dateReserved": "2022-10-26T14:21:09.384Z",
"dateUpdated": "2024-09-17T14:17:40.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3698 (GCVE-0-2022-3698)
Vulnerability from cvelistv5 – Published: 2023-10-24 20:40 – Updated: 2024-09-17 14:18
VLAI?
Summary
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
Severity ?
4.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | HardwareScanPlugin |
Affected:
, < 1.3.1.2
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:15:51.421963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:18:07.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HardwareScanPlugin ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.3.1.2",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.45",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
}
],
"value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:40:56.631Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3698",
"datePublished": "2023-10-24T20:40:56.631Z",
"dateReserved": "2022-10-26T14:17:16.999Z",
"dateUpdated": "2024-09-17T14:18:07.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0353 (GCVE-0-2022-0353)
Vulnerability from cvelistv5 – Published: 2023-10-24 20:39 – Updated: 2024-09-11 18:48
VLAI?
Summary
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
Severity ?
4.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | HardwareScanPlugin |
Affected:
, < 1.3.1.2
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:48:49.236974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:48:59.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HardwareScanPlugin ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.3.1.2",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.45",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
}
],
"value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:40:01.734Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-0353",
"datePublished": "2023-10-24T20:39:21.969Z",
"dateReserved": "2022-01-24T20:51:33.781Z",
"dateUpdated": "2024-09-11T18:48:59.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8338 (GCVE-0-2020-8338)
Vulnerability from cvelistv5 – Published: 2020-10-14 21:25 – Updated: 2024-08-04 09:56
VLAI?
Summary
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
Severity ?
7.8 (High)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Diagnostics |
Affected:
unspecified , < 4.35.4
(custom)
|
Credits
Lenovo thanks Xavier DANEST - Decathlon for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.35.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Xavier DANEST - Decathlon for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-14T21:25:20",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Diagnostics version 4.35.4 (or newer)."
}
],
"source": {
"advisory": "LEN-32702",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2020-8338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Diagnostics",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.35.4"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Xavier DANEST - Decathlon for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-32702",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Diagnostics version 4.35.4 (or newer)."
}
],
"source": {
"advisory": "LEN-32702",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8338",
"datePublished": "2020-10-14T21:25:20",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3699 (GCVE-0-2022-3699)
Vulnerability from nvd – Published: 2023-10-24 20:48 – Updated: 2024-09-17 14:17
VLAI?
Summary
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | HardwareScanPlugin |
Affected:
, < 1.3.1.2
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Mike Alfaro at Nephosec for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:12:24.261476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:17:40.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HardwareScanPlugin ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.3.1.2",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.45",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Mike Alfaro at Nephosec for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics prior to version 4.45\u003c/span\u003e\n\n\u003c/span\u003e\n\n that could allow a local user to execute code with elevated privileges.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\nA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u00a01.3.1.2 and\u00a0Lenovo Diagnostics prior to version 4.45\n\n\n\n that could allow a local user to execute code with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:48:23.213Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3699",
"datePublished": "2023-10-24T20:48:23.213Z",
"dateReserved": "2022-10-26T14:21:09.384Z",
"dateUpdated": "2024-09-17T14:17:40.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3698 (GCVE-0-2022-3698)
Vulnerability from nvd – Published: 2023-10-24 20:40 – Updated: 2024-09-17 14:18
VLAI?
Summary
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
Severity ?
4.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | HardwareScanPlugin |
Affected:
, < 1.3.1.2
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:15:51.421963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:18:07.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HardwareScanPlugin ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.3.1.2",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.45",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
}
],
"value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:40:56.631Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3698",
"datePublished": "2023-10-24T20:40:56.631Z",
"dateReserved": "2022-10-26T14:17:16.999Z",
"dateUpdated": "2024-09-17T14:18:07.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0353 (GCVE-0-2022-0353)
Vulnerability from nvd – Published: 2023-10-24 20:39 – Updated: 2024-09-11 18:48
VLAI?
Summary
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
Severity ?
4.4 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Lenovo | HardwareScanPlugin |
Affected:
, < 1.3.1.2
(custom)
|
|||||||
|
|||||||||
Credits
Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:48:49.236974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:48:59.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HardwareScanPlugin ",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "1.3.1.2",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.45",
"status": "affected",
"version": " ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
}
],
"value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T20:40:01.734Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
},
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-0353",
"datePublished": "2023-10-24T20:39:21.969Z",
"dateReserved": "2022-01-24T20:51:33.781Z",
"dateUpdated": "2024-09-11T18:48:59.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8338 (GCVE-0-2020-8338)
Vulnerability from nvd – Published: 2020-10-14 21:25 – Updated: 2024-08-04 09:56
VLAI?
Summary
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
Severity ?
7.8 (High)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Diagnostics |
Affected:
unspecified , < 4.35.4
(custom)
|
Credits
Lenovo thanks Xavier DANEST - Decathlon for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Diagnostics",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.35.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks Xavier DANEST - Decathlon for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-14T21:25:20",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Diagnostics version 4.35.4 (or newer)."
}
],
"source": {
"advisory": "LEN-32702",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2020-8338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Diagnostics",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.35.4"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Xavier DANEST - Decathlon for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-32702",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Diagnostics version 4.35.4 (or newer)."
}
],
"source": {
"advisory": "LEN-32702",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8338",
"datePublished": "2020-10-14T21:25:20",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}