CVE-2022-38395

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 78.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
HP FusionHP Support AssistantHP Inc. HP Support Assistant
Timeline
PublishedDec 12

Description

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5hp_inc./hp_support_assistantSee HP Security Bulletin reference for affected versions.
NVDhp/fusion< 1.38.2601.0

🔴Vulnerability Details

2
GHSA
GHSA-v36q-qx7x-fwf9: HP Support Assistant uses HP Performance Tune-up as a diagnostic tool2022-12-12
CVEList
CVE-2022-38395: HP Support Assistant uses HP Performance Tune-up as a diagnostic tool2022-11-18
CVE-2022-38395 (HIGH CVSS 7.8) | HP Support Assistant uses HP Perfor | cvebase.io