1. Home
  2. CVE Database
  3. CVE-2022-38396
HIGH · 7.8

CVE-2022-38396

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the rest...

Vulnerability Description

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
MicrosoftWindows 10 1507-
MicrosoftWindows 10 1511-
MicrosoftWindows 10 1607-
MicrosoftWindows 10 1703-
MicrosoftWindows 10 1709-
MicrosoftWindows 10 1803-
MicrosoftWindows 10 1809-
MicrosoftWindows 10 1909-
MicrosoftWindows 10 2004-
MicrosoftWindows 10 20H2-

References

FAQ

What is CVE-2022-38396?

CVE-2022-38396 is a vulnerability with a CVSS score of 7.8 (HIGH). HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the rest...

How severe is CVE-2022-38396?

CVE-2022-38396 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-38396?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 10 1507, Microsoft Windows 10 1511, Microsoft Windows 10 1607, Microsoft Windows 10 1703, Microsoft Windows 10 1709.