DLL Hijacking Vulnerability in HP Support Assistant by HP
CVE-2022-38395

7.8HIGH

Key Information:

Vendor: HP
Status: HP Support Assistant
Vendor: CVE Published:; 12 December 2022

What is CVE-2022-38395?

The HP Support Assistant employs HP Performance Tune-up as a diagnostic tool, which can be exploited through a DLL hijacking vulnerability. When Fusion launches the HP Performance Tune-up application, attackers can potentially exploit this security flaw to elevate privileges, making it a critical concern for users and administrators alike.

Affected Version(s)

HP Support Assistant See HP Security Bulletin reference for affected versions.

References

https://support.hp.com/us-en/document/ish_6788123-6788147...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2022
Vulnerability Reserved
Aug 17, 2022