Search criteria
12 vulnerabilities found for z2_small_form_factor_g9_firmware by hp
CVE-2022-48220 (GCVE-0-2022-48220)
Vulnerability from nvd – Published: 2024-02-14 22:21 – Updated: 2025-03-27 14:33
VLAI?
Summary
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
Severity ?
6.4 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | Certain HP Desktop PC products |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elite_tower_880_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elitedesk_880_g8_tower_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.14.00_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eliteone_800_g8_27_all-in-one_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.14.00_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_mini_400_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_sff_400_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_tower_480_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z1_g9_tower_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_small_form_factor_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "01.06.05_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_mini_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "2.02.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_tower_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "2.02.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T18:56:45.802429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:33:44.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:58.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Certain HP Desktop PC products",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T22:21:08.979Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-48220",
"datePublished": "2024-02-14T22:21:08.979Z",
"dateReserved": "2023-01-05T17:56:08.359Z",
"dateUpdated": "2025-03-27T14:33:44.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48219 (GCVE-0-2022-48219)
Vulnerability from nvd – Published: 2024-02-14 22:20 – Updated: 2025-03-19 14:17
VLAI?
Summary
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
Severity ?
6.4 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | Certain HP Desktop PC products |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elite_tower_880_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elitedesk_880_g8_tower_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.14.00_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eliteone_800_g8_27_all-in-one_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.14.00_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_mini_400_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_sff_400_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_tower_480_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z1_g9_tower_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_small_form_factor_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "01.06.05_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_mini_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "2.02.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_tower_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "2.02.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T18:25:58.914341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:17:32.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Certain HP Desktop PC products",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": " See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T22:20:04.007Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-48219",
"datePublished": "2024-02-14T22:20:04.007Z",
"dateReserved": "2023-01-05T17:56:08.359Z",
"dateUpdated": "2025-03-19T14:17:32.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31642 (GCVE-0-2022-31642)
Vulnerability from nvd – Published: 2023-06-14 16:32 – Updated: 2024-12-30 15:23
VLAI?
Summary
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T15:23:08.808296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:23:14.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T16:32:26.526Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-31642",
"datePublished": "2023-06-14T16:32:26.526Z",
"dateReserved": "2022-05-25T21:05:10.868Z",
"dateUpdated": "2024-12-30T15:23:14.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31641 (GCVE-0-2022-31641)
Vulnerability from nvd – Published: 2023-06-14 16:31 – Updated: 2024-12-30 15:29
VLAI?
Summary
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T15:29:14.456809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:29:26.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T16:31:38.198Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-31641",
"datePublished": "2023-06-14T16:31:38.198Z",
"dateReserved": "2022-05-25T21:05:10.867Z",
"dateUpdated": "2024-12-30T15:29:26.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31640 (GCVE-0-2022-31640)
Vulnerability from nvd – Published: 2023-06-14 16:30 – Updated: 2024-12-30 15:31
VLAI?
Summary
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T15:30:55.730224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:31:00.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T16:30:14.571Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-31640",
"datePublished": "2023-06-14T16:30:14.571Z",
"dateReserved": "2022-05-25T21:05:10.867Z",
"dateUpdated": "2024-12-30T15:31:00.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27538 (GCVE-0-2022-27538)
Vulnerability from nvd – Published: 2023-01-30 20:41 – Updated: 2025-03-27 19:04
VLAI?
Summary
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
Severity ?
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T19:04:11.152615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:04:44.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T06:15:59.102Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-27538",
"datePublished": "2023-01-30T20:41:26.690Z",
"dateReserved": "2022-03-21T21:15:05.750Z",
"dateUpdated": "2025-03-27T19:04:44.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48220 (GCVE-0-2022-48220)
Vulnerability from cvelistv5 – Published: 2024-02-14 22:21 – Updated: 2025-03-27 14:33
VLAI?
Summary
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
Severity ?
6.4 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | Certain HP Desktop PC products |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elite_tower_880_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elitedesk_880_g8_tower_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.14.00_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eliteone_800_g8_27_all-in-one_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.14.00_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_mini_400_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_sff_400_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_tower_480_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z1_g9_tower_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_small_form_factor_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "01.06.05_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_mini_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "2.02.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_tower_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "2.02.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T18:56:45.802429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:33:44.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:58.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Certain HP Desktop PC products",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T22:21:08.979Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-48220",
"datePublished": "2024-02-14T22:21:08.979Z",
"dateReserved": "2023-01-05T17:56:08.359Z",
"dateUpdated": "2025-03-27T14:33:44.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48219 (GCVE-0-2022-48219)
Vulnerability from cvelistv5 – Published: 2024-02-14 22:20 – Updated: 2025-03-19 14:17
VLAI?
Summary
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.
Severity ?
6.4 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | Certain HP Desktop PC products |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:59.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elite_tower_880_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "elitedesk_880_g8_tower_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.14.00_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "eliteone_800_g8_27_all-in-one_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.14.00_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_mini_400_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_sff_400_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pro_tower_480_g9_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z1_g9_tower_desktop_pc",
"vendor": "hp",
"versions": [
{
"lessThan": "02.12.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_small_form_factor_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "01.06.05_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_mini_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "2.02.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
"cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "z2_tower_g9_workstation",
"vendor": "hp",
"versions": [
{
"lessThan": "2.02.02_rev1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-48219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T18:25:58.914341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:17:32.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Certain HP Desktop PC products",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": " See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T22:20:04.007Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-48219",
"datePublished": "2024-02-14T22:20:04.007Z",
"dateReserved": "2023-01-05T17:56:08.359Z",
"dateUpdated": "2025-03-19T14:17:32.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31642 (GCVE-0-2022-31642)
Vulnerability from cvelistv5 – Published: 2023-06-14 16:32 – Updated: 2024-12-30 15:23
VLAI?
Summary
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T15:23:08.808296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:23:14.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T16:32:26.526Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-31642",
"datePublished": "2023-06-14T16:32:26.526Z",
"dateReserved": "2022-05-25T21:05:10.868Z",
"dateUpdated": "2024-12-30T15:23:14.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31641 (GCVE-0-2022-31641)
Vulnerability from cvelistv5 – Published: 2023-06-14 16:31 – Updated: 2024-12-30 15:29
VLAI?
Summary
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:00.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T15:29:14.456809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:29:26.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T16:31:38.198Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-31641",
"datePublished": "2023-06-14T16:31:38.198Z",
"dateReserved": "2022-05-25T21:05:10.867Z",
"dateUpdated": "2024-12-30T15:29:26.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31640 (GCVE-0-2022-31640)
Vulnerability from cvelistv5 – Published: 2023-06-14 16:30 – Updated: 2024-12-30 15:31
VLAI?
Summary
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T15:30:55.730224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:31:00.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T16:30:14.571Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-31640",
"datePublished": "2023-06-14T16:30:14.571Z",
"dateReserved": "2022-05-25T21:05:10.867Z",
"dateUpdated": "2024-12-30T15:31:00.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27538 (GCVE-0-2022-27538)
Vulnerability from cvelistv5 – Published: 2023-01-30 20:41 – Updated: 2025-03-27 19:04
VLAI?
Summary
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
Severity ?
CWE
- n/a
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-27538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T19:04:11.152615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:04:44.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T06:15:59.102Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_7387020-7387107-16/hpsbhf03827"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2022-27538",
"datePublished": "2023-01-30T20:41:26.690Z",
"dateReserved": "2022-03-21T21:15:05.750Z",
"dateUpdated": "2025-03-27T19:04:44.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}