PT-2023-1476 · Microsoft · Windows 10

Published

2023-02-02

Updated

2025-03-25

CVE-2022-38396

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows 10 versions prior to 21H2

Description The issue is related to HP Factory Preinstalled Images on certain systems shipped with Windows 10, where escalation of privilege might occur via execution of certain files outside the restricted path. This is due to incorrect restriction of the directory path name with limited access. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Windows 10 versions prior to 21H2, update to Windows 10 version 21H2 or later to resolve the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2023-00885

CVE-2022-38396

Affected Products

Windows 10

PT-2023-1476 · Microsoft · Windows 10

CVE-2022-38396

Weakness Enumeration

Related Identifiers

Affected Products

References · 6