Search

Find a vulnerability

Search criteria

    11 vulnerabilities found for Diagnostics by Lenovo

    CVE-2026-0827 (GCVE-0-2026-0827)

    Vulnerability from nvd – Published: 2026-04-15 12:27 – Updated: 2026-04-15 13:48
    VLAI
    Summary
    During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Diagnostics Affected: 0 , < 5.26.0 (custom)
    Create a notification for this product.
    Lenovo Vantage Affected: 0 , < 4.7.1.4 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Anas Hadane for subsequently reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0827",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T13:46:44.833174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T13:48:06.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.26.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "HardwareScanAddin",
              "product": "Vantage",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.7.1.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.26.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.1.4",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Anas Hadane for subsequently reporting this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."
                }
              ],
              "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T12:27:45.354Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-210693"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Diagnostics to version 5.26.0 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Lenovo Diagnostics to version 5.26.0 or later."
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage.\u003cbr\u003e"
                }
              ],
              "value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.3.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2026-0827",
        "datePublished": "2026-04-15T12:27:45.354Z",
        "dateReserved": "2026-01-09T19:19:57.946Z",
        "dateUpdated": "2026-04-15T13:48:06.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-3699 (GCVE-0-2022-3699)

    Vulnerability from nvd – Published: 2023-10-24 20:48 – Updated: 2024-09-17 14:17
    VLAI
    Summary
    A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo HardwareScanPlugin Affected: , < 1.3.1.2 (custom)
    Create a notification for this product.
    Lenovo Diagnostics Affected: , < 4.45 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Mike Alfaro at Nephosec for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T14:12:24.261476Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:17:40.247Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HardwareScanPlugin ",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.3.1.2",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.45",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Mike Alfaro at Nephosec for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics prior to version 4.45\u003c/span\u003e\n\n\u003c/span\u003e\n\n that could allow a local user to execute code with elevated privileges.\u003c/span\u003e\u003c/span\u003e"
                }
              ],
              "value": "\nA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u00a01.3.1.2 and\u00a0Lenovo Diagnostics prior to version 4.45\n\n\n\n that could allow a local user to execute code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T20:48:23.213Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
            },
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-3699",
        "datePublished": "2023-10-24T20:48:23.213Z",
        "dateReserved": "2022-10-26T14:21:09.384Z",
        "dateUpdated": "2024-09-17T14:17:40.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3698 (GCVE-0-2022-3698)

    Vulnerability from nvd – Published: 2023-10-24 20:40 – Updated: 2024-09-17 14:18
    VLAI
    Summary
    A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo HardwareScanPlugin Affected: , < 1.3.1.2 (custom)
    Create a notification for this product.
    Lenovo Diagnostics Affected: , < 4.45 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T14:15:51.421963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:18:07.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HardwareScanPlugin ",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.3.1.2",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.45",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T20:40:56.631Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
            },
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-3698",
        "datePublished": "2023-10-24T20:40:56.631Z",
        "dateReserved": "2022-10-26T14:17:16.999Z",
        "dateUpdated": "2024-09-17T14:18:07.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0353 (GCVE-0-2022-0353)

    Vulnerability from nvd – Published: 2023-10-24 20:39 – Updated: 2024-09-11 18:48
    VLAI
    Summary
    A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo HardwareScanPlugin Affected: , < 1.3.1.2 (custom)
    Create a notification for this product.
    Lenovo Diagnostics Affected: , < 4.45 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T18:48:49.236974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T18:48:59.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HardwareScanPlugin ",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.3.1.2",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.45",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T20:40:01.734Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
            },
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-0353",
        "datePublished": "2023-10-24T20:39:21.969Z",
        "dateReserved": "2022-01-24T20:51:33.781Z",
        "dateUpdated": "2024-09-11T18:48:59.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8338 (GCVE-0-2020-8338)

    Vulnerability from nvd – Published: 2020-10-14 21:25 – Updated: 2024-08-04 09:56
    VLAI
    Summary
    A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Diagnostics Affected: unspecified , < 4.35.4 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Xavier DANEST - Decathlon for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:56:28.465Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.35.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Xavier DANEST - Decathlon for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-14T21:25:20.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Diagnostics version 4.35.4 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-32702",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2020-8338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Diagnostics",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.35.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Xavier DANEST - Decathlon for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426 Untrusted Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-32702",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Diagnostics version 4.35.4 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-32702",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2020-8338",
        "datePublished": "2020-10-14T21:25:20.000Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:56:28.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-0827 (GCVE-0-2026-0827)

    Vulnerability from cvelistv5 – Published: 2026-04-15 12:27 – Updated: 2026-04-15 13:48
    VLAI
    Summary
    During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo Diagnostics Affected: 0 , < 5.26.0 (custom)
    Create a notification for this product.
    Lenovo Vantage Affected: 0 , < 4.7.1.4 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Anas Hadane for subsequently reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0827",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T13:46:44.833174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T13:48:06.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "5.26.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "HardwareScanAddin",
              "product": "Vantage",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.7.1.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:lenovo:diagnostics:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.26.0",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.1.4",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Anas Hadane for subsequently reporting this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."
                }
              ],
              "value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-15T12:27:45.354Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-210693"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Lenovo Diagnostics to version 5.26.0 or later.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Lenovo Diagnostics to version 5.26.0 or later."
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage.\u003cbr\u003e"
                }
              ],
              "value": "Update Vantage and Commercial Vantage HardwareScanAddin to version 4.7.1.4 or later. HardwareScanAddin is automatically updated by Lenovo Vantage and Lenovo Commercial Vantage."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.3.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2026-0827",
        "datePublished": "2026-04-15T12:27:45.354Z",
        "dateReserved": "2026-01-09T19:19:57.946Z",
        "dateUpdated": "2026-04-15T13:48:06.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-3699 (GCVE-0-2022-3699)

    Vulnerability from cvelistv5 – Published: 2023-10-24 20:48 – Updated: 2024-09-17 14:17
    VLAI
    Summary
    A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo HardwareScanPlugin Affected: , < 1.3.1.2 (custom)
    Create a notification for this product.
    Lenovo Diagnostics Affected: , < 4.45 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Mike Alfaro at Nephosec for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T14:12:24.261476Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:17:40.247Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HardwareScanPlugin ",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.3.1.2",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.45",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Mike Alfaro at Nephosec for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2 and\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics prior to version 4.45\u003c/span\u003e\n\n\u003c/span\u003e\n\n that could allow a local user to execute code with elevated privileges.\u003c/span\u003e\u003c/span\u003e"
                }
              ],
              "value": "\nA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u00a01.3.1.2 and\u00a0Lenovo Diagnostics prior to version 4.45\n\n\n\n that could allow a local user to execute code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T20:48:23.213Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
            },
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-3699",
        "datePublished": "2023-10-24T20:48:23.213Z",
        "dateReserved": "2022-10-26T14:21:09.384Z",
        "dateUpdated": "2024-09-17T14:17:40.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3698 (GCVE-0-2022-3698)

    Vulnerability from cvelistv5 – Published: 2023-10-24 20:40 – Updated: 2024-09-17 14:18
    VLAI
    Summary
    A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo HardwareScanPlugin Affected: , < 1.3.1.2 (custom)
    Create a notification for this product.
    Lenovo Diagnostics Affected: , < 4.45 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:14:03.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T14:15:51.421963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-17T14:18:07.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HardwareScanPlugin ",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.3.1.2",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.45",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T20:40:56.631Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
            },
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-3698",
        "datePublished": "2023-10-24T20:40:56.631Z",
        "dateReserved": "2022-10-26T14:17:16.999Z",
        "dateUpdated": "2024-09-17T14:18:07.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0353 (GCVE-0-2022-0353)

    Vulnerability from cvelistv5 – Published: 2023-10-24 20:39 – Updated: 2024-09-11 18:48
    VLAI
    Summary
    A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo HardwareScanPlugin Affected: , < 1.3.1.2 (custom)
    Create a notification for this product.
    Lenovo Diagnostics Affected: , < 4.45 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:25:40.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-0353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-11T18:48:49.236974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-11T18:48:59.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HardwareScanPlugin ",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.3.1.2",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.45",
                  "status": "affected",
                  "version": " ",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Gergo Pap at Quadron Research Lab for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.3.1.2\u003c/span\u003e\n\n and\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLenovo Diagnostics versions prior to 4.45\u003c/span\u003e\n\n that could allow a local user with administrative access to trigger a system crash.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T20:40:01.734Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94532"
            },
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-102365"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Lenovo Diagnostics Application v4.45 or later.\u003c/span\u003e\n\n\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "\nUpdate to Lenovo Diagnostics Application v4.45 or later.\n\n\n\n\nUpdate the Lenovo HardwareScan Plugin to version 1.3.1.2 or later.\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-0353",
        "datePublished": "2023-10-24T20:39:21.969Z",
        "dateReserved": "2022-01-24T20:51:33.781Z",
        "dateUpdated": "2024-09-11T18:48:59.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8338 (GCVE-0-2020-8338)

    Vulnerability from cvelistv5 – Published: 2020-10-14 21:25 – Updated: 2024-08-04 09:56
    VLAI
    Summary
    A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Diagnostics Affected: unspecified , < 4.35.4 (custom)
    Create a notification for this product.
    Credits
    Lenovo thanks Xavier DANEST - Decathlon for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:56:28.465Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Diagnostics",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "4.35.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Xavier DANEST - Decathlon for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-14T21:25:20.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Lenovo Diagnostics version 4.35.4 (or newer)."
            }
          ],
          "source": {
            "advisory": "LEN-32702",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2020-8338",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Diagnostics",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.35.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Xavier DANEST - Decathlon for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426 Untrusted Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/LEN-32702",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade to Lenovo Diagnostics version 4.35.4 (or newer)."
              }
            ],
            "source": {
              "advisory": "LEN-32702",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2020-8338",
        "datePublished": "2020-10-14T21:25:20.000Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:56:28.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202010-1492

    Vulnerability from variot - Updated: 2024-11-23 22:44

    A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. Lenovo Diagnostics Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Diagnostics is a tool for scanning and diagnosing hardware failures of Lenovo computers. This tool can help users scan, check, and repair computer driver problems. Lenovo Diagnostics can also help users easily solve some blue screen and crash problems on the computer and repair them. It can scan and diagnose faults with one click

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1492",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "diagnostics",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "lenovo",
            "version": "4.35.4"
          },
          {
            "model": "diagnostics",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "lenovo",
            "version": null
          },
          {
            "model": "diagnostics",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "lenovo",
            "version": "4.35.4  less than"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8338"
          }
        ]
      },
      "cve": "CVE-2020-8338",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-8338",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-186463",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2020-8338",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-012168",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-8338",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@lenovo.com",
                "id": "CVE-2020-8338",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-8338",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202010-577",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-186463",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-8338",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186463"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8338"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8338"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. Lenovo Diagnostics Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Diagnostics is a tool for scanning and diagnosing hardware failures of Lenovo computers. This tool can help users scan, check, and repair computer driver problems. Lenovo Diagnostics can also help users easily solve some blue screen and crash problems on the computer and repair them. It can scan and diagnose faults with one click",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-8338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "db": "VULHUB",
            "id": "VHN-186463"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8338"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-8338",
            "trust": 2.6
          },
          {
            "db": "LENOVO",
            "id": "LEN-32702",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-577",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57816",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-186463",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8338",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186463"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8338"
          }
        ]
      },
      "id": "VAR-202010-1492",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186463"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:44:24.604000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "LEN-32702",
            "trust": 0.8,
            "url": "https://support.lenovo.com/us/en/product_security/LEN-32702"
          },
          {
            "title": "Lenovo Diagnostics Fixes for code issue vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131251"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-426",
            "trust": 1.1
          },
          {
            "problemtype": "Untrusted search path (CWE-426) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186463"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8338"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://support.lenovo.com/us/en/product_security/len-32702"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8338"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/426.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189757"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-186463"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8338"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-186463"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-8338"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-8338"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186463"
          },
          {
            "date": "2020-10-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8338"
          },
          {
            "date": "2021-04-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "date": "2020-10-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          },
          {
            "date": "2020-10-14T22:15:13.513000",
            "db": "NVD",
            "id": "CVE-2020-8338"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-186463"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-8338"
          },
          {
            "date": "2021-04-26T08:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          },
          {
            "date": "2020-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          },
          {
            "date": "2024-11-21T05:38:44.340000",
            "db": "NVD",
            "id": "CVE-2020-8338"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Lenovo\u00a0Diagnostics\u00a0 Untrusted search path vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012168"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202010-577"
          }
        ],
        "trust": 0.6
      }
    }