CVE-2022-0353 - OpenCVE

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Diagnostics Hardwarescan Addin Hardwarescan Plugin

Configuration 1 [-]

OR	cpe:2.3:a:lenovo:diagnostics::::::::
	cpe:2.3:a:lenovo:hardwarescan_addin::::::::
	cpe:2.3:a:lenovo:hardwarescan_plugin::::::::

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-102365	Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94532	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:39:21.969Z

Updated: 2023-10-24T20:40:01.734Z

Reserved: 2022-01-24T20:51:33.781Z

Link: CVE-2022-0353

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-25T18:16:54.057

Modified: 2023-10-30T18:18:25.037

Link: CVE-2022-0353

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-0353", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2022-01-24T20:51:33.781Z", "datePublished": "2023-10-24T20:39:21.969Z", "dateUpdated": "2023-10-24T20:40:01.734Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HardwareScanPlugin ", "vendor": "Lenovo", "versions": [{"lessThan": "1.3.1.2", "status": "affected", "version": " ", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Diagnostics", "vendor": "Lenovo", "versions": [{"lessThan": "4.45", "status": "affected", "version": " ", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n<span style=\"background-color: rgb(255, 255, 255);\">1.3.1.2</span>\n\n and \n\n<span style=\"background-color: rgb(255, 255, 255);\">Lenovo Diagnostics versions prior to 4.45</span>\n\n that could allow a local user with administrative access to trigger a system crash.</span>\n\n"}], "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:40:01.734Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to Lenovo Diagnostics Application v4.45 or later.</span>\n\n<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.</span><br>"}], "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*", "matchCriteriaId": "13DF3130-F2B6-4F16-A02A-0F5AD902F880", "versionEndExcluding": "4.45.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:hardwarescan_addin:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EB39C52-5BBE-4734-B4A0-000CF11010B9", "versionEndExcluding": "2.4.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:lenovo:hardwarescan_plugin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FFB47C-DB96-446E-A399-87FDC81F7290", "versionEndExcluding": "1.3.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en las versiones Lenovo HardwareScanPlugin anteriores a 1.3.1.2 y Lenovo Diagnostics anteriores a 4.45 que podr\u00eda permitir que un usuario local con acceso administrativo desencadene un bloqueo del sistema."}], "id": "CVE-2022-0353", "lastModified": "2023-10-30T18:18:25.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2023-10-25T18:16:54.057", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"}, {"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}