CVE-2022-38396

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/ie-en/document/ish_7620368-7620413-16	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_10_20h2:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1809:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1909:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1703:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1709:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1803:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1807:-:::::::*
	cpe:2.3:o:microsoft:windows_10_2004:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1507:-:::::::*

Information

Published : 2023-02-11 20:15

Updated : 2023-02-22 08:24

NVD link : CVE-2022-38396

Mitre link : CVE-2022-38396

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

microsoft

windows_10_1809
windows_10_1507
windows_10_1709
windows_10_1511
windows_10_1909
windows_10_20h2
windows_10_1703
windows_10_1607
windows_10_1803
windows_10_1807
windows_10_2004

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16", "name": "https://support.hp.com/ie-en/document/ish_7620368-7620413-16", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-38396", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2023-02-12T04:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1807:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-22T16:24Z"}