Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for probook_470_g4_firmware by hp

    CVE-2022-31642 (GCVE-0-2022-31642)

    Vulnerability from nvd – Published: 2023-06-14 16:32 – Updated: 2024-12-30 15:23
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31642",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:23:08.808296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:23:14.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:32:26.526Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31642",
        "datePublished": "2023-06-14T16:32:26.526Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:23:14.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31641 (GCVE-0-2022-31641)

    Vulnerability from nvd – Published: 2023-06-14 16:31 – Updated: 2024-12-30 15:29
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:29:14.456809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:29:26.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:31:38.198Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31641",
        "datePublished": "2023-06-14T16:31:38.198Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2024-12-30T15:29:26.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31640 (GCVE-0-2022-31640)

    Vulnerability from nvd – Published: 2023-06-14 16:30 – Updated: 2024-12-30 15:31
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:30:55.730224Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:31:00.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:30:14.571Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31640",
        "datePublished": "2023-06-14T16:30:14.571Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2024-12-30T15:31:00.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3809 (GCVE-0-2021-3809)

    Vulnerability from nvd – Published: 2023-01-30 20:53 – Updated: 2025-03-27 19:00
    VLAI
    Summary
    Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T19:00:39.757642Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T19:00:42.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-3809",
        "datePublished": "2023-01-30T20:53:00.162Z",
        "dateReserved": "2021-09-16T17:39:00.913Z",
        "dateUpdated": "2025-03-27T19:00:42.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3808 (GCVE-0-2021-3808)

    Vulnerability from nvd – Published: 2023-01-30 20:52 – Updated: 2025-03-27 19:02
    VLAI
    Summary
    Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T19:01:38.833668Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T19:02:10.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-3808",
        "datePublished": "2023-01-30T20:52:16.761Z",
        "dateReserved": "2021-09-16T17:38:58.392Z",
        "dateUpdated": "2025-03-27T19:02:10.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3439 (GCVE-0-2021-3439)

    Vulnerability from nvd – Published: 2023-01-30 21:39 – Updated: 2025-03-27 18:53
    VLAI
    Summary
    HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3439",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T18:53:47.847074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T18:53:50.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-3439",
        "datePublished": "2023-01-30T21:39:58.692Z",
        "dateReserved": "2021-03-12T01:04:04.575Z",
        "dateUpdated": "2025-03-27T18:53:50.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-37018 (GCVE-0-2022-37018)

    Vulnerability from nvd – Published: 2022-11-21 21:02 – Updated: 2025-04-29 04:48
    VLAI
    Summary
    A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-276 - Incorrect Default Permissions
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.459Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-37018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T04:47:24.232206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T04:48:11.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-12T12:11:04.548Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-37018",
        "datePublished": "2022-11-21T21:02:37.037Z",
        "dateReserved": "2022-07-28T22:58:23.254Z",
        "dateUpdated": "2025-04-29T04:48:11.747Z",
        "requesterUserId": "e0158710-d811-4b94-9318-6cef34bebe03",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31642 (GCVE-0-2022-31642)

    Vulnerability from cvelistv5 – Published: 2023-06-14 16:32 – Updated: 2024-12-30 15:23
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31642",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:23:08.808296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:23:14.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:32:26.526Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31642",
        "datePublished": "2023-06-14T16:32:26.526Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:23:14.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31641 (GCVE-0-2022-31641)

    Vulnerability from cvelistv5 – Published: 2023-06-14 16:31 – Updated: 2024-12-30 15:29
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:29:14.456809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:29:26.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:31:38.198Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31641",
        "datePublished": "2023-06-14T16:31:38.198Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2024-12-30T15:29:26.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31640 (GCVE-0-2022-31640)

    Vulnerability from cvelistv5 – Published: 2023-06-14 16:30 – Updated: 2024-12-30 15:31
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:30:55.730224Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:31:00.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:30:14.571Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31640",
        "datePublished": "2023-06-14T16:30:14.571Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2024-12-30T15:31:00.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3439 (GCVE-0-2021-3439)

    Vulnerability from cvelistv5 – Published: 2023-01-30 21:39 – Updated: 2025-03-27 18:53
    VLAI
    Summary
    HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:53:17.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3439",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T18:53:47.847074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T18:53:50.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-3439",
        "datePublished": "2023-01-30T21:39:58.692Z",
        "dateReserved": "2021-03-12T01:04:04.575Z",
        "dateUpdated": "2025-03-27T18:53:50.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3809 (GCVE-0-2021-3809)

    Vulnerability from cvelistv5 – Published: 2023-01-30 20:53 – Updated: 2025-03-27 19:00
    VLAI
    Summary
    Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T19:00:39.757642Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T19:00:42.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-3809",
        "datePublished": "2023-01-30T20:53:00.162Z",
        "dateReserved": "2021-09-16T17:39:00.913Z",
        "dateUpdated": "2025-03-27T19:00:42.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-3808 (GCVE-0-2021-3808)

    Vulnerability from cvelistv5 – Published: 2023-01-30 20:52 – Updated: 2025-03-27 19:02
    VLAI
    Summary
    Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-269 - Improper Privilege Management
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:09:09.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-3808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T19:01:38.833668Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T19:02:10.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2021-3808",
        "datePublished": "2023-01-30T20:52:16.761Z",
        "dateReserved": "2021-09-16T17:38:58.392Z",
        "dateUpdated": "2025-03-27T19:02:10.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-37018 (GCVE-0-2022-37018)

    Vulnerability from cvelistv5 – Published: 2022-11-21 21:02 – Updated: 2025-04-29 04:48
    VLAI
    Summary
    A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-276 - Incorrect Default Permissions
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.459Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-37018",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T04:47:24.232206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T04:48:11.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-12T12:11:04.548Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-37018",
        "datePublished": "2022-11-21T21:02:37.037Z",
        "dateReserved": "2022-07-28T22:58:23.254Z",
        "dateUpdated": "2025-04-29T04:48:11.747Z",
        "requesterUserId": "e0158710-d811-4b94-9318-6cef34bebe03",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }