CVE-2022-0353 - OpenCVE

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Diagnostics Hardwarescan Addin Hardwarescan Plugin

Configuration 1 [-]

OR	cpe:2.3:a:lenovo:diagnostics::::::::
	cpe:2.3:a:lenovo:hardwarescan_addin::::::::
	cpe:2.3:a:lenovo:hardwarescan_plugin::::::::

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-102365
https://support.lenovo.com/us/en/product_security/LEN-94532

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:39:21.969Z

Updated: 2024-09-11T18:48:59.900Z

Reserved: 2022-01-24T20:51:33.781Z

Link: CVE-2022-0353

Vulnrichment

Updated: 2024-08-02T23:25:40.534Z

NVD

Status : Analyzed

Published: 2023-10-25T18:16:54.057

Modified: 2023-10-30T18:18:25.037

Link: CVE-2022-0353

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-0353", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2022-01-24T20:51:33.781Z", "datePublished": "2023-10-24T20:39:21.969Z", "dateUpdated": "2024-09-11T18:48:59.900Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HardwareScanPlugin ", "vendor": "Lenovo", "versions": [{"lessThan": "1.3.1.2", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Diagnostics", "vendor": "Lenovo", "versions": [{"lessThan": "4.45", "status": "affected", "version": " ", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n<span style=\"background-color: rgb(255, 255, 255);\">1.3.1.2</span>\n\n and \n\n<span style=\"background-color: rgb(255, 255, 255);\">Lenovo Diagnostics versions prior to 4.45</span>\n\n that could allow a local user with administrative access to trigger a system crash.</span>\n\n"}], "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:40:01.734Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to Lenovo Diagnostics Application v4.45 or later.</span>\n\n<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.</span><br>"}], "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:40.534Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532", "tags": ["x_transferred"]}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T18:48:49.236974Z", "id": "CVE-2022-0353", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T18:48:59.900Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532", "tags": ["x_transferred"]}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:25:40.534Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-0353", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T18:48:49.236974Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T18:48:56.365Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "HardwareScanPlugin ", "versions": [{"status": "affected", "version": " ", "lessThan": "1.3.1.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Diagnostics", "versions": [{"status": "affected", "version": " ", "lessThan": "4.45", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to Lenovo Diagnostics Application v4.45 or later.</span>\n\n<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.</span><br>", "base64": false}]}], "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n<span style=\"background-color: rgb(255, 255, 255);\">1.3.1.2</span>\n\n and \n\n<span style=\"background-color: rgb(255, 255, 255);\">Lenovo Diagnostics versions prior to 4.45</span>\n\n that could allow a local user with administrative access to trigger a system crash.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:40:01.734Z"}}}, "cveMetadata": {"cveId": "CVE-2022-0353", "state": "PUBLISHED", "dateUpdated": "2024-09-11T18:48:59.900Z", "dateReserved": "2022-01-24T20:51:33.781Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2023-10-24T20:39:21.969Z", "assignerShortName": "lenovo"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*", "matchCriteriaId": "13DF3130-F2B6-4F16-A02A-0F5AD902F880", "versionEndExcluding": "4.45.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:hardwarescan_addin:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EB39C52-5BBE-4734-B4A0-000CF11010B9", "versionEndExcluding": "2.4.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:hardwarescan_plugin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FFB47C-DB96-446E-A399-87FDC81F7290", "versionEndExcluding": "1.3.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en las versiones Lenovo HardwareScanPlugin anteriores a 1.3.1.2 y Lenovo Diagnostics anteriores a 4.45 que podr\u00eda permitir que un usuario local con acceso administrativo desencadene un bloqueo del sistema."}], "id": "CVE-2022-0353", "lastModified": "2023-10-30T18:18:25.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2023-10-25T18:16:54.057", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}, {"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}