CVE-2022-31646

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 68.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

328

HP Inc. HP PC Bios HP Dragonfly Folio G3 2-in-1 Firmware HP Elite Dragonfly Firmware +325 more

Timeline

PublishedJun 14

Description

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages328 packages

▶CVEListV5hp_inc./hp_pc_biosSee HP Security Bulletin reference for affected versions

▶NVDhp/mp9_g2_retail_system_firmware2.59

▶NVDhp/mp9_g4_retail_system_firmware02.21.00

▶NVDhp/rp9_g1_retail_system_firmware2.59

▶NVDhp/engage_one_aio_system_firmware2.44

🔴Vulnerability Details

CVEList

CVE-2022-31646: Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of↗2023-06-14

▶

GHSA

GHSA-g32f-3xj9-c76c: Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of↗2023-06-14

▶