CVE-2022-27537

CWE-94 — Code Injection3 documents3 sources

Severity

7.8HIGH

EPSS

0.2%

top 57.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

328

HP Inc. HP PC Bios HP Dragonfly Folio G3 2-in-1 Firmware HP Elite Dragonfly Firmware +325 more

Timeline

PublishedFeb 1

Description

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages328 packages

▶CVEListV5hp_inc./hp_pc_biosSee HP Security Bulletin reference for affected versions.

▶NVDhp/mp9_g2_retail_system_firmware2.59

▶NVDhp/mp9_g4_retail_system_firmware02.21.00

▶NVDhp/rp9_g1_retail_system_firmware2.59

▶NVDhp/engage_one_aio_system_firmware2.44

🔴Vulnerability Details

GHSA

GHSA-w74v-6cvm-j42q: Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of↗2023-02-01

▶

CVEList

CVE-2022-27537: Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of↗2023-01-30

▶