CVE-2022-3702
First published: Fri Oct 27 2023(Updated: )
A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo System Update Plugin | <2.0.0.213 | |
| Lenovo Hardware Scan Plugin | <1.3.1.2 | |
| Lenovo Hardware Scan Addin | <2.4.1.1 |
Remedy
Update the Lenovo Vantage HardwareScan Plugin to version 1.3.1.2.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-3702.
What is the affected software?
The affected software includes Lenovo System Update Plugin version up to exclusive 2.0.0.213, Lenovo Hardware Scan Plugin version up to exclusive 1.3.1.2, and Lenovo Hardware Scan Addin version up to exclusive 2.4.1.1.
What is the severity of CVE-2022-3702?
The severity of CVE-2022-3702 is high with a CVSS score of 7.1.
How can a local attacker exploit CVE-2022-3702?
A local attacker can exploit CVE-2022-3702 to delete contents of an arbitrary directory under certain conditions.
Is there a fix available for CVE-2022-3702?
Yes, Lenovo has provided a fix for CVE-2022-3702. Please refer to the official Lenovo support page for more information.
- collector/nvd-api
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/lenovo
- canonical/lenovo system update plugin
- canonical/lenovo hardware scan plugin
- canonical/lenovo hardware scan addin