Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38395

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

Published

2022-12-12T13:15:14.420

Last Modified

2025-04-29T19:15:51.787

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-427
Type: Secondary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hp	fusion	< 1.38.2601.0	Yes
Application	hp	support_assistant	< 9.11	Yes

References

https://support.hp.com/us-en/document/ish_6788123-6788147-16/hpsbhf03809 Vendor Advisory ([email protected])
https://support.hp.com/us-en/document/ish_6788123-6788147-16/hpsbhf03809 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)