Lucene search

[email protected]CVE-2022-38396

HistoryFeb 12, 2023 - 4:15 a.m.

CVE-2022-38396

2023-02-1204:15:14

[email protected]

web.nvd.nist.gov

cve-2022-38396

windows 10

privilege escalation

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.7%

JSON

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.

Affected configurations

NVD

Node

microsoftwindows_10_1507Match-

microsoftwindows_10_1511Match-

microsoftwindows_10_1607Match-

microsoftwindows_10_1703Match-

microsoftwindows_10_1709Match-

microsoftwindows_10_1803Match-

microsoftwindows_10_1809Match-

microsoftwindows_10_1909Match-

microsoftwindows_10_2004Match-

microsoftwindows_10_20h2Match-

CPENameOperatorVersion
microsoft:windows_10_1507microsoft windows 10 1507eq-
microsoft:windows_10_1511microsoft windows 10 1511eq-
microsoft:windows_10_1607microsoft windows 10 1607eq-
microsoft:windows_10_1703microsoft windows 10 1703eq-
microsoft:windows_10_1709microsoft windows 10 1709eq-
microsoft:windows_10_1803microsoft windows 10 1803eq-
microsoft:windows_10_1809microsoft windows 10 1809eq-
microsoft:windows_10_1909microsoft windows 10 1909eq-
microsoft:windows_10_2004microsoft windows 10 2004eq-
microsoft:windows_10_20h2microsoft windows 10 20h2eq-

CPE	Name	Operator	Version
microsoft:windows_10_1507	microsoft windows 10 1507	eq	-
microsoft:windows_10_1511	microsoft windows 10 1511	eq	-
microsoft:windows_10_1607	microsoft windows 10 1607	eq	-
microsoft:windows_10_1703	microsoft windows 10 1703	eq	-
microsoft:windows_10_1709	microsoft windows 10 1709	eq	-
microsoft:windows_10_1803	microsoft windows 10 1803	eq	-
microsoft:windows_10_1809	microsoft windows 10 1809	eq	-
microsoft:windows_10_1909	microsoft windows 10 1909	eq	-
microsoft:windows_10_2004	microsoft windows 10 2004	eq	-
microsoft:windows_10_20h2	microsoft windows 10 20h2	eq	-

CNA Affected

[
  {
    "versions": [
      {
        "version": "See HP Security Bulletin reference for affected versions.",
        "status": "affected"
      }
    ],
    "product": "HP Factory Preinstalled Windows 10 20H2 Images",
    "vendor": "HP Inc."
  }
]

References

support.hp.com/ie-en/document/ish_7620368-7620413-16

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.7%

JSON

Related for CVE-2022-38396

prion1 nvd1 hp1 cvelist1