Vulnerability Details : CVE-2022-3699
Public exploit exists!
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
Vulnerability category: Memory CorruptionExecute codeGain privilege
Products affected by CVE-2022-3699
- cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*
- cpe:2.3:a:lenovo:hardwarescan_addin:*:*:*:*:*:*:*:*
- cpe:2.3:a:lenovo:hardwarescan_plugin:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3699
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2022-3699
-
Lenovo Diagnostics Driver IOCTL memmove
Disclosure Date: 2022-11-09First seen: 2023-09-11exploit/windows/local/cve_2022_3699_lenovo_diagnostics_driverIncorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory read/write. Authors: - alfarom256 - jheysel-r7
CVSS scores for CVE-2022-3699
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
Lenovo Group Ltd. |
CWE ids for CVE-2022-3699
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: psirt@lenovo.com (Primary)
References for CVE-2022-3699
-
https://support.lenovo.com/us/en/product_security/LEN-102365
Lenovo Diagnostics Vulnerabilities - Lenovo Support USVendor Advisory
-
https://support.lenovo.com/us/en/product_security/LEN-94532
Lenovo Vantage Component Vulnerabilities - Lenovo Support USVendor Advisory
Jump to