Issued: Monday, 19 September, 2022 |
Last Revision: Monday, 19 September, 2022 |
Vendor: |
Product: |
Severity Level: |
A new vulnerability has been identified and exploited in HP support assistance, a software tool that comes pre-installed on all HP devices.
Attacker can exploit this vulnerability by using the RAT tool and elevate their privileges by using DLL hijacking flaw on vulnerable systems and it triggers when user attempt to launch HP performance Tuneup from within HP support assistant.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-38395
| DLL Hijacking Flaw – Privileges Escalation | 8.2 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Product(s) |
CVE-2022-38395
| HP Support Assistant versions earlier than 9.11 |
Fusion versions earlier than 1.38.2601.0 |
Table 2: Vulnerable versions
HP has recommended to update the affected software with latest firmware.