cbcvebase.

Lenovo Diagnostics vulnerabilities

5 known vulnerabilities affecting lenovo/diagnostics.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2022-3699P2HIGHCVSS 7.8ExploitedPoCfixed in 4.45.0≥ , < 4.452023-10-25
CVE-2022-3699 [HIGH] CWE-787 CVE-2022-3699: A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
nvd
CVE-2020-8338P3HIGHCVSS 7.8fixed in 4.35.4≥ unspecified, < 4.35.42020-10-14
CVE-2020-8338 [HIGH] CWE-426 CVE-2020-8338: A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that coul A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
nvd
CVE-2026-0827P3HIGHCVSS 7.1fixed in 5.26.02026-04-15
CVE-2026-0827 [HIGH] CWE-59 CVE-2026-0827: During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnosti During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated privileges.
nvd
CVE-2022-3698P4MEDIUMCVSS 4.4fixed in 4.45.0≥ , < 4.452023-10-25
CVE-2022-3698 [MEDIUM] CWE-400 CVE-2022-3698: A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
nvd
CVE-2022-0353P4MEDIUMCVSS 4.4fixed in 4.45.0≥ , < 4.452023-10-25
CVE-2022-0353 [MEDIUM] CWE-400 CVE-2022-0353: A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
nvd