CVE-2022-48220 — Observable Discrepancy in HP Elite Mini 600 G9 Firmware

CWE-203 — Observable Discrepancy3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

0.1%

top 64.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Elite Mini 600 G9 Firmware HP Elite Mini 800 G9 Firmware HP Elite SFF 600 G9 Firmware +25 more

Timeline

PublishedFeb 14

Latest updateFeb 15

Description

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:LExploitability: 0.9 | Impact: 5.5

Affected Packages28 packages

▶CVEListV5hp_inc/certain_hp_desktop_pc_productsSee HP Security Bulletin reference for affected versions.

▶NVDhp/elitedesk_800_g8_desktop_mini_firmware< 02.14.00

▶NVDhp/z2_mini_g9_firmware< 02.02.02

▶NVDhp/z1_g8_tower_firmware< 02.14.00

▶NVDhp/z1_g9_tower_firmware< 02.12.02

🔴Vulnerability Details

GHSA

GHSA-r78h-8xqv-6cr8: Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detectio↗2024-02-15

▶

CVEList

CVE-2022-48220: Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detectio↗2024-02-14

▶