Denial of Service Vulnerability in Lenovo Vantage HardwareScan Plugin by Lenovo
CVE-2022-3702

6.1MEDIUM

Key Information:

Vendor: Lenovo
Status: Vantage Hardwarescan Plugin
Vendor: CVE Published:; 27 October 2023

Summary

A vulnerability has been identified in the Lenovo Vantage HardwareScan Plugin, which affects version 1.3.0.5 and earlier. This vulnerability allows a local attacker to delete contents from an arbitrary directory, potentially disrupting system functionality and user workflows. Attack vectors for this denial of service issue include exploitation under specific conditions, highlighting the need for immediate attention and remediation by affected users.

Affected Version(s)

Vantage HardwareScan Plugin < 1.3.1.2

References

https://support.lenovo.com/us/en/product_security/LEN-94532

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Oct 26, 2022

Credit

Lenovo thanks Nils Ole Timm for reporting this issue.