CVE-2022-38396
CVE-2022-38396 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021. EPSS estimates a 0.41% chance of exploitation in the next 30 days.
Description
HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 1507 | All versions |
| Microsoft | Windows 10 1511 | All versions |
| Microsoft | Windows 10 1607 | All versions |
| Microsoft | Windows 10 1703 | All versions |
| Microsoft | Windows 10 1709 | All versions |
| Microsoft | Windows 10 1803 | All versions |
| Microsoft | Windows 10 1809 | All versions |
| Microsoft | Windows 10 1909 | All versions |
| Microsoft | Windows 10 2004 | All versions |
| Microsoft | Windows 10 20H2 | All versions |
References
- https://support.hp.com/ie-en/document/ish_7620368-7620413-16 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
