CVE-2022-37019

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.3%

top 47.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Elite Slice Firmware HP Elite Slice FOR Meeting Rooms Firmware HP Elitebook 1040 G3 Firmware +24 more

Timeline

PublishedJun 10

Latest updateJun 11

Description

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:LExploitability: 2.5 | Impact: 4.2

Affected Packages27 packages

▶NVDhp/mp9_g2_retail_system_firmware< 02.63

▶NVDhp/rp9_g1_retail_system_firmware< 02.64

▶NVDhp/elite_slice_firmware< 00.02.64

▶NVDhp/zbook_15_g3_firmware< 1.62

▶NVDhp/zbook_17_g3_firmware< 1.62

🔴Vulnerability Details

GHSA

GHSA-g7xm-f45g-5wvg: Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code executi↗2024-06-11

▶

CVEList

HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows↗2024-06-10

▶