Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for z1_g8_tower_firmware by hp

    CVE-2022-48220 (GCVE-0-2022-48220)

    Vulnerability from nvd – Published: 2024-02-14 22:21 – Updated: 2025-03-27 14:33
    VLAI
    Summary
    Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. Certain HP Desktop PC products Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    hp elite_tower_880_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp elitedesk_880_g8_tower_pc Affected: 0 , < 02.14.00_rev1 (custom)
        cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp eliteone_800_g8_27_all-in-one_pc Affected: 0 , < 02.14.00_rev1 (custom)
        cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_mini_400_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_sff_400_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_tower_480_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z1_g9_tower_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_small_form_factor_g9_workstation Affected: 0 , < 01.06.05_rev1 (custom)
        cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_mini_g9_workstation Affected: 0 , < 2.02.02_rev1 (custom)
        cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_tower_g9_workstation Affected: 0 , < 2.02.02_rev1 (custom)
        cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "elite_tower_880_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "elitedesk_880_g8_tower_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.14.00_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "eliteone_800_g8_27_all-in-one_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.14.00_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_mini_400_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_sff_400_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_tower_480_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z1_g9_tower_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_small_form_factor_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "01.06.05_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_mini_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "2.02.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_tower_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "2.02.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-48220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T18:56:45.802429Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T14:33:44.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:10:58.745Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Certain HP Desktop PC products",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-14T22:21:08.979Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-48220",
        "datePublished": "2024-02-14T22:21:08.979Z",
        "dateReserved": "2023-01-05T17:56:08.359Z",
        "dateUpdated": "2025-03-27T14:33:44.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-48219 (GCVE-0-2022-48219)

    Vulnerability from nvd – Published: 2024-02-14 22:20 – Updated: 2025-03-19 14:17
    VLAI
    Summary
    Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. Certain HP Desktop PC products Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    hp elite_tower_880_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp elitedesk_880_g8_tower_pc Affected: 0 , < 02.14.00_rev1 (custom)
        cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp eliteone_800_g8_27_all-in-one_pc Affected: 0 , < 02.14.00_rev1 (custom)
        cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_mini_400_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_sff_400_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_tower_480_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z1_g9_tower_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_small_form_factor_g9_workstation Affected: 0 , < 01.06.05_rev1 (custom)
        cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_mini_g9_workstation Affected: 0 , < 2.02.02_rev1 (custom)
        cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_tower_g9_workstation Affected: 0 , < 2.02.02_rev1 (custom)
        cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:10:59.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "elite_tower_880_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "elitedesk_880_g8_tower_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.14.00_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "eliteone_800_g8_27_all-in-one_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.14.00_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_mini_400_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_sff_400_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_tower_480_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z1_g9_tower_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_small_form_factor_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "01.06.05_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_mini_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "2.02.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_tower_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "2.02.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-48219",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T18:25:58.914341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-19T14:17:32.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Certain HP Desktop PC products",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": " See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-14T22:20:04.007Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-48219",
        "datePublished": "2024-02-14T22:20:04.007Z",
        "dateReserved": "2023-01-05T17:56:08.359Z",
        "dateUpdated": "2025-03-19T14:17:32.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31646 (GCVE-0-2022-31646)

    Vulnerability from nvd – Published: 2023-06-14 17:07 – Updated: 2024-12-30 15:01
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:01:37.405808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:01:46.211Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T17:07:52.139Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31646",
        "datePublished": "2023-06-14T17:07:52.139Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:01:46.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31645 (GCVE-0-2022-31645)

    Vulnerability from nvd – Published: 2023-06-14 17:07 – Updated: 2024-12-30 15:09
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31645",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:09:15.609954Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:09:21.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. "
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T17:07:00.373Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31645",
        "datePublished": "2023-06-14T17:07:00.373Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:09:21.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31644 (GCVE-0-2022-31644)

    Vulnerability from nvd – Published: 2023-06-14 17:06 – Updated: 2024-12-30 15:13
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.855Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31644",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:13:52.895157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:13:57.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T17:06:30.332Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31644",
        "datePublished": "2023-06-14T17:06:30.332Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:13:57.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31642 (GCVE-0-2022-31642)

    Vulnerability from nvd – Published: 2023-06-14 16:32 – Updated: 2024-12-30 15:23
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31642",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:23:08.808296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:23:14.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:32:26.526Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31642",
        "datePublished": "2023-06-14T16:32:26.526Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:23:14.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31641 (GCVE-0-2022-31641)

    Vulnerability from nvd – Published: 2023-06-14 16:31 – Updated: 2024-12-30 15:29
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:29:14.456809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:29:26.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:31:38.198Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31641",
        "datePublished": "2023-06-14T16:31:38.198Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2024-12-30T15:29:26.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31640 (GCVE-0-2022-31640)

    Vulnerability from nvd – Published: 2023-06-14 16:30 – Updated: 2024-12-30 15:31
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:30:55.730224Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:31:00.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:30:14.571Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31640",
        "datePublished": "2023-06-14T16:30:14.571Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2024-12-30T15:31:00.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31643 (GCVE-0-2022-31643)

    Vulnerability from nvd – Published: 2023-04-28 15:41 – Updated: 2025-01-30 17:05
    VLAI
    Summary
    A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.995Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7013183-7013209-16/hpsbhf03812"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T17:05:15.359949Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T17:05:19.529Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-28T15:41:22.641Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7013183-7013209-16/hpsbhf03812"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31643",
        "datePublished": "2023-04-28T15:41:22.641Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2025-01-30T17:05:19.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27538 (GCVE-0-2022-27538)

    Vulnerability from nvd – Published: 2023-01-30 20:41 – Updated: 2025-03-27 19:04
    VLAI
    Summary
    A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T19:04:11.152615Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T19:04:44.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27538",
        "datePublished": "2023-01-30T20:41:26.690Z",
        "dateReserved": "2022-03-21T21:15:05.750Z",
        "dateUpdated": "2025-03-27T19:04:44.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27537 (GCVE-0-2022-27537)

    Vulnerability from nvd – Published: 2023-01-30 21:26 – Updated: 2025-03-27 15:23
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T15:21:15.511462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T15:23:56.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27537",
        "datePublished": "2023-01-30T21:26:11.879Z",
        "dateReserved": "2022-03-21T21:15:05.750Z",
        "dateUpdated": "2025-03-27T15:23:56.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-48220 (GCVE-0-2022-48220)

    Vulnerability from cvelistv5 – Published: 2024-02-14 22:21 – Updated: 2025-03-27 14:33
    VLAI
    Summary
    Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. Certain HP Desktop PC products Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    hp elite_tower_880_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp elitedesk_880_g8_tower_pc Affected: 0 , < 02.14.00_rev1 (custom)
        cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp eliteone_800_g8_27_all-in-one_pc Affected: 0 , < 02.14.00_rev1 (custom)
        cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_mini_400_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_sff_400_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_tower_480_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z1_g9_tower_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_small_form_factor_g9_workstation Affected: 0 , < 01.06.05_rev1 (custom)
        cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_mini_g9_workstation Affected: 0 , < 2.02.02_rev1 (custom)
        cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_tower_g9_workstation Affected: 0 , < 2.02.02_rev1 (custom)
        cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "elite_tower_880_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "elitedesk_880_g8_tower_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.14.00_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "eliteone_800_g8_27_all-in-one_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.14.00_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_mini_400_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_sff_400_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_tower_480_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z1_g9_tower_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_small_form_factor_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "01.06.05_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_mini_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "2.02.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_tower_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "2.02.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-48220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T18:56:45.802429Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-203",
                    "description": "CWE-203 Observable Discrepancy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T14:33:44.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:10:58.745Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Certain HP Desktop PC products",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-14T22:21:08.979Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-48220",
        "datePublished": "2024-02-14T22:21:08.979Z",
        "dateReserved": "2023-01-05T17:56:08.359Z",
        "dateUpdated": "2025-03-27T14:33:44.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-48219 (GCVE-0-2022-48219)

    Vulnerability from cvelistv5 – Published: 2024-02-14 22:20 – Updated: 2025-03-19 14:17
    VLAI
    Summary
    Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-693 - Protection Mechanism Failure
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. Certain HP Desktop PC products Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    hp elite_tower_880_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp elitedesk_880_g8_tower_pc Affected: 0 , < 02.14.00_rev1 (custom)
        cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp eliteone_800_g8_27_all-in-one_pc Affected: 0 , < 02.14.00_rev1 (custom)
        cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_mini_400_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_sff_400_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp pro_tower_480_g9_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z1_g9_tower_desktop_pc Affected: 0 , < 02.12.02_rev1 (custom)
        cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_small_form_factor_g9_workstation Affected: 0 , < 01.06.05_rev1 (custom)
        cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_mini_g9_workstation Affected: 0 , < 2.02.02_rev1 (custom)
        cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    hp z2_tower_g9_workstation Affected: 0 , < 2.02.02_rev1 (custom)
        cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*
        cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:10:59.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "elite_tower_880_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "elitedesk_880_g8_tower_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.14.00_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "eliteone_800_g8_27_all-in-one_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.14.00_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_mini_400_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_sff_400_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pro_tower_480_g9_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z1_g9_tower_desktop_pc",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "02.12.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_small_form_factor_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "01.06.05_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_mini_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "2.02.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
                  "cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "z2_tower_g9_workstation",
                "vendor": "hp",
                "versions": [
                  {
                    "lessThan": "2.02.02_rev1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-48219",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T18:25:58.914341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-19T14:17:32.799Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Certain HP Desktop PC products",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": " See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-14T22:20:04.007Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-48219",
        "datePublished": "2024-02-14T22:20:04.007Z",
        "dateReserved": "2023-01-05T17:56:08.359Z",
        "dateUpdated": "2025-03-19T14:17:32.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31646 (GCVE-0-2022-31646)

    Vulnerability from cvelistv5 – Published: 2023-06-14 17:07 – Updated: 2024-12-30 15:01
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:01:37.405808Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:01:46.211Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T17:07:52.139Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31646",
        "datePublished": "2023-06-14T17:07:52.139Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:01:46.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31645 (GCVE-0-2022-31645)

    Vulnerability from cvelistv5 – Published: 2023-06-14 17:07 – Updated: 2024-12-30 15:09
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31645",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:09:15.609954Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:09:21.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. "
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T17:07:00.373Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31645",
        "datePublished": "2023-06-14T17:07:00.373Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:09:21.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31644 (GCVE-0-2022-31644)

    Vulnerability from cvelistv5 – Published: 2023-06-14 17:06 – Updated: 2024-12-30 15:13
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.855Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31644",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:13:52.895157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:13:57.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T17:06:30.332Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31644",
        "datePublished": "2023-06-14T17:06:30.332Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:13:57.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31642 (GCVE-0-2022-31642)

    Vulnerability from cvelistv5 – Published: 2023-06-14 16:32 – Updated: 2024-12-30 15:23
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31642",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:23:08.808296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:23:14.757Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:32:26.526Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31642",
        "datePublished": "2023-06-14T16:32:26.526Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2024-12-30T15:23:14.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31641 (GCVE-0-2022-31641)

    Vulnerability from cvelistv5 – Published: 2023-06-14 16:31 – Updated: 2024-12-30 15:29
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.896Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:29:14.456809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:29:26.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:31:38.198Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31641",
        "datePublished": "2023-06-14T16:31:38.198Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2024-12-30T15:29:26.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31640 (GCVE-0-2022-31640)

    Vulnerability from cvelistv5 – Published: 2023-06-14 16:30 – Updated: 2024-12-30 15:31
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:01.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-30T15:30:55.730224Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-30T15:31:00.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-14T16:30:14.571Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31640",
        "datePublished": "2023-06-14T16:30:14.571Z",
        "dateReserved": "2022-05-25T21:05:10.867Z",
        "dateUpdated": "2024-12-30T15:31:00.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31643 (GCVE-0-2022-31643)

    Vulnerability from cvelistv5 – Published: 2023-04-28 15:41 – Updated: 2025-01-30 17:05
    VLAI
    Summary
    A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:26:00.995Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7013183-7013209-16/hpsbhf03812"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-31643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-30T17:05:15.359949Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-30T17:05:19.529Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-28T15:41:22.641Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7013183-7013209-16/hpsbhf03812"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-31643",
        "datePublished": "2023-04-28T15:41:22.641Z",
        "dateReserved": "2022-05-25T21:05:10.868Z",
        "dateUpdated": "2025-01-30T17:05:19.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27537 (GCVE-0-2022-27537)

    Vulnerability from cvelistv5 – Published: 2023-01-30 21:26 – Updated: 2025-03-27 15:23
    VLAI
    Summary
    Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T15:21:15.511462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T15:23:56.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_6664419-6664458-16/hpsbhf03806"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27537",
        "datePublished": "2023-01-30T21:26:11.879Z",
        "dateReserved": "2022-03-21T21:15:05.750Z",
        "dateUpdated": "2025-03-27T15:23:56.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27538 (GCVE-0-2022-27538)

    Vulnerability from cvelistv5 – Published: 2023-01-30 20:41 – Updated: 2025-03-27 19:04
    VLAI
    Summary
    A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    hp
    Impacted products
    Vendor Product Version
    HP Inc. HP PC BIOS Affected: See HP Security Bulletin reference for affected versions.
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-27T19:04:11.152615Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-367",
                    "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-27T19:04:44.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "HP PC BIOS",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "See HP Security Bulletin reference for affected versions."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-01T06:15:59.102Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "url": "https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2022-27538",
        "datePublished": "2023-01-30T20:41:26.690Z",
        "dateReserved": "2022-03-21T21:15:05.750Z",
        "dateUpdated": "2025-03-27T19:04:44.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }