CVE-2022-3698 - Vulnerability Details - OpenCVE

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to

1.3.1.2

and

Lenovo Diagnostics versions prior to 4.45

that could allow a local user with administrative access to trigger a system crash.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Lenovo	Diagnostics Hardwarescan Plugin

Configuration 1 [-]

OR	cpe:2.3:a:lenovo:diagnostics::::::::
	cpe:2.3:a:lenovo:hardwarescan_plugin::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-43056	A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

Fixes

Solution

Update to Lenovo Diagnostics Application v4.45 or later. Update the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-102365
https://support.lenovo.com/us/en/product_security/LEN-94532

History

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:40:56.631Z

Updated: 2024-09-17T14:18:07.679Z

Reserved: 2022-10-26T14:17:16.999Z

Link: CVE-2022-3698

Vulnrichment

Updated: 2024-08-03T01:14:03.297Z

NVD

Status : Modified

Published: 2023-10-25T18:17:15.730

Modified: 2024-11-21T07:20:03.430

Link: CVE-2022-3698

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3698", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2022-10-26T14:17:16.999Z", "datePublished": "2023-10-24T20:40:56.631Z", "dateUpdated": "2024-09-17T14:18:07.679Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HardwareScanPlugin ", "vendor": "Lenovo", "versions": [{"lessThan": "1.3.1.2", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Diagnostics", "vendor": "Lenovo", "versions": [{"lessThan": "4.45", "status": "affected", "version": " ", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n<span style=\"background-color: rgb(255, 255, 255);\">1.3.1.2</span>\n\n and \n\n<span style=\"background-color: rgb(255, 255, 255);\">Lenovo Diagnostics versions prior to 4.45</span>\n\n that could allow a local user with administrative access to trigger a system crash.</span>\n\n"}], "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:40:56.631Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to Lenovo Diagnostics Application v4.45 or later.</span>\n\n<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.</span><br>"}], "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:03.297Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532", "tags": ["x_transferred"]}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T14:15:51.421963Z", "id": "CVE-2022-3698", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T14:18:07.679Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532", "tags": ["x_transferred"]}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:14:03.297Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-3698", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T14:15:51.421963Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-17T14:18:02.684Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lenovo", "product": "HardwareScanPlugin ", "versions": [{"status": "affected", "version": " ", "lessThan": "1.3.1.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Lenovo", "product": "Diagnostics", "versions": [{"status": "affected", "version": " ", "lessThan": "4.45", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to Lenovo Diagnostics Application v4.45 or later.</span>\n\n<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.</span><br>", "base64": false}]}], "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n<span style=\"background-color: rgb(255, 255, 255);\">1.3.1.2</span>\n\n and \n\n<span style=\"background-color: rgb(255, 255, 255);\">Lenovo Diagnostics versions prior to 4.45</span>\n\n that could allow a local user with administrative access to trigger a system crash.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:40:56.631Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3698", "state": "PUBLISHED", "dateUpdated": "2024-09-17T14:18:07.679Z", "dateReserved": "2022-10-26T14:17:16.999Z", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "datePublished": "2023-10-24T20:40:56.631Z", "assignerShortName": "lenovo"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*", "matchCriteriaId": "13DF3130-F2B6-4F16-A02A-0F5AD902F880", "versionEndExcluding": "4.45.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:hardwarescan_plugin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FFB47C-DB96-446E-A399-87FDC81F7290", "versionEndExcluding": "1.3.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en las versiones Lenovo HardwareScanPlugin anteriores a 1.3.1.2 y Lenovo Diagnostics anteriores a 4.45 que podr\u00eda permitir que un usuario local con acceso administrativo desencadene un bloqueo del sistema."}], "id": "CVE-2022-3698", "lastModified": "2024-11-21T07:20:03.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-25T18:17:15.730", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}, {"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "psirt@lenovo.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}