A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.
References
Link | Resource |
---|---|
https://support.lenovo.com/us/en/product_security/LEN-94532 | Mitigation Vendor Advisory |
Configurations
History
07 Nov 2023, 19:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:lenovo:system_update_plugin:*:*:*:*:*:lenovo_vantage:*:* cpe:2.3:a:lenovo:hardware_scan_plugin:*:*:*:*:*:lenovo_vantage:*:* cpe:2.3:a:lenovo:hardware_scan_addin:*:*:*:*:*:lenovo_vantage:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
First Time |
Lenovo system Update Plugin
Lenovo hardware Scan Addin Lenovo Lenovo hardware Scan Plugin |
|
References | (MISC) https://support.lenovo.com/us/en/product_security/LEN-94532 - Mitigation, Vendor Advisory |
27 Oct 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-27 20:15
Updated : 2023-12-10 15:14
NVD link : CVE-2022-3700
Mitre link : CVE-2022-3700
CVE.ORG link : CVE-2022-3700
JSON object : View
Products Affected
lenovo
- system_update_plugin
- hardware_scan_plugin
- hardware_scan_addin
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition