Vulnerability-Lookup

BDU:2024-02874

Vulnerability from fstec - Published: 13.02.2024

Title

Уязвимость функции HP TamperLock микропрограммного обеспечения UEFI (BIOS) настольных рабочих станций и персональных компьютеров Hewlett-Packard Development Company L.P., позволяющая нарушителю обойти ограничения безопасности

Description

Уязвимость функции HP TamperLock микропрограммного обеспечения UEFI (BIOS) настольных рабочих станций и персональных компьютеров Hewlett-Packard Development Company L.P. связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю обойти ограничения безопасности

Severity ?


                    
                      AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Vendor

HP Inc.

Software Name

HP Z2 Mini G9 Workstation, HP Z2 Small Form Factor G8 Workstation, HP Z2 Small Form Factor G9 Workstation, HP Z2 Tower G8 Workstation, HP Z2 Tower G9 Workstation, HP Elite Mini 600 G9 Desktop PC, HP Elite Mini 800 G9 Desktop PC, HP Elite SFF 600 G9 Desktop PC, HP Elite SFF 800 G9 Desktop PC, HP Elite Tower 600 G9 Desktop PC, HP Elite Tower 680 G9 Desktop PC, HP Elite Tower 800 G9 Desktop PC, HP Elite Tower 880 G9 Desktop PC, HP EliteDesk 800 G8 Desktop Mini PC, HP EliteDesk 800 G8 Small Form Factor PC, HP EliteDesk 800 G8 Tower PC, HP EliteDesk 880 G8 Tower PC, HP EliteOne 800 G8 24 All-in-One PC, HP EliteOne 800 G8 27 All-in-One PC, HP Mini Conferencing PC with Zoom Rooms, HP Pro Mini 260 G9 Desktop PC, HP Pro Mini 400 G9 Desktop PC, HP Pro SFF 400 G9 Desktop PC, HP Pro Tower 400 G9 Desktop PC, HP Pro Tower 480 G9 Desktop PC, HP Z1 G8 Tower Desktop PC, HP Z1 G9 Tower Desktop PC

Software Version

до 02.02.02 (HP Z2 Mini G9 Workstation), до 01.06.05 (HP Z2 Small Form Factor G8 Workstation), до 02.02.02 (HP Z2 Small Form Factor G9 Workstation), до 01.06.05 (HP Z2 Tower G8 Workstation), до 02.02.02 (HP Z2 Tower G9 Workstation), - (HP Elite Mini 600 G9 Desktop PC), - (HP Elite Mini 800 G9 Desktop PC), - (HP Elite SFF 600 G9 Desktop PC), - (HP Elite SFF 800 G9 Desktop PC), - (HP Elite Tower 600 G9 Desktop PC), - (HP Elite Tower 680 G9 Desktop PC), - (HP Elite Tower 800 G9 Desktop PC), - (HP Elite Tower 880 G9 Desktop PC), - (HP EliteDesk 800 G8 Desktop Mini PC), - (HP EliteDesk 800 G8 Small Form Factor PC), - (HP EliteDesk 800 G8 Tower PC), - (HP EliteDesk 880 G8 Tower PC), - (HP EliteOne 800 G8 24 All-in-One PC), - (HP EliteOne 800 G8 27 All-in-One PC), - (HP Mini Conferencing PC with Zoom Rooms), - (HP Pro Mini 260 G9 Desktop PC), - (HP Pro Mini 400 G9 Desktop PC), - (HP Pro SFF 400 G9 Desktop PC), - (HP Pro Tower 400 G9 Desktop PC), - (HP Pro Tower 480 G9 Desktop PC), - (HP Z1 G8 Tower Desktop PC), - (HP Z1 G9 Tower Desktop PC)

Possible Mitigations

Использование рекомендаций: https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907

Reference

https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907 https://vuldb.com/?id.253913

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:P",
  "CVSS 3.0": "AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "HP Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 02.02.02 (HP Z2 Mini G9 Workstation), \u0434\u043e 01.06.05 (HP Z2 Small Form Factor G8 Workstation), \u0434\u043e 02.02.02 (HP Z2 Small Form Factor G9 Workstation), \u0434\u043e 01.06.05 (HP Z2 Tower G8 Workstation), \u0434\u043e 02.02.02 (HP Z2 Tower G9 Workstation), - (HP Elite Mini 600 G9 Desktop PC), - (HP Elite Mini 800 G9 Desktop PC), - (HP Elite SFF 600 G9 Desktop PC), - (HP Elite SFF 800 G9 Desktop PC), - (HP Elite Tower 600 G9 Desktop PC), - (HP Elite Tower 680 G9 Desktop PC), - (HP Elite Tower 800 G9 Desktop PC), - (HP Elite Tower 880 G9 Desktop PC), - (HP EliteDesk 800 G8 Desktop Mini PC), - (HP EliteDesk 800 G8 Small Form Factor PC), - (HP EliteDesk 800 G8 Tower PC), - (HP EliteDesk 880 G8 Tower PC), - (HP EliteOne 800 G8 24 All-in-One PC), - (HP EliteOne 800 G8 27 All-in-One PC), - (HP Mini Conferencing PC with Zoom Rooms), - (HP Pro Mini 260 G9 Desktop PC), - (HP Pro Mini 400 G9 Desktop PC), - (HP Pro SFF 400 G9 Desktop PC), - (HP Pro Tower 400 G9 Desktop PC), - (HP Pro Tower 480 G9 Desktop PC), - (HP Z1 G8 Tower Desktop PC), - (HP Z1 G9 Tower Desktop PC)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.04.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02874",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-48220",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "HP Z2 Mini G9 Workstation, HP Z2 Small Form Factor G8 Workstation, HP Z2 Small Form Factor G9 Workstation, HP Z2 Tower G8 Workstation, HP Z2 Tower G9 Workstation, HP Elite Mini 600 G9 Desktop PC, HP Elite Mini 800 G9 Desktop PC, HP Elite SFF 600 G9 Desktop PC, HP Elite SFF 800 G9 Desktop PC, HP Elite Tower 600 G9 Desktop PC, HP Elite Tower 680 G9 Desktop PC, HP Elite Tower 800 G9 Desktop PC, HP Elite Tower 880 G9 Desktop PC, HP EliteDesk 800 G8 Desktop Mini PC, HP EliteDesk 800 G8 Small Form Factor PC, HP EliteDesk 800 G8 Tower PC, HP EliteDesk 880 G8 Tower PC, HP EliteOne 800 G8 24 All-in-One PC, HP EliteOne 800 G8 27 All-in-One PC, HP Mini Conferencing PC with Zoom Rooms, HP Pro Mini 260 G9 Desktop PC, HP Pro Mini 400 G9 Desktop PC, HP Pro SFF 400 G9 Desktop PC, HP Pro Tower 400 G9 Desktop PC, HP Pro Tower 480 G9 Desktop PC, HP Z1 G8 Tower Desktop PC, HP Z1 G9 Tower Desktop PC",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 HP TamperLock \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f UEFI (BIOS) \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 \u0438 \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 Hewlett-Packard Development Company L.P., \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 HP TamperLock \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f UEFI (BIOS) \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 \u0438 \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 Hewlett-Packard Development Company L.P. \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0418\u0437-\u0437\u0430 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-48220 \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 BIOS \u0434\u043b\u044f BUSINESS DESKTOP PCS (\u0441\u043c. \u0441\u0430\u0439\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f)",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907\nhttps://vuldb.com/?id.253913",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)"
}

CVE-2022-48220 (GCVE-0-2022-48220)

Vulnerability from cvelistv5 – Published: 2024-02-14 22:21 – Updated: 2025-03-27 14:33

Summary

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

Severity ?

6.4 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE

CWE-203 - Observable Discrepancy

Assigner

References

URL

Tags

https://support.hp.com/us-en/document/ish_1017089…

Impacted products

	Vendor	Product	Version
	HP Inc.	Certain HP Desktop PC products	Affected: See HP Security Bulletin reference for affected versions.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:hp:elite_mini_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:elite_mini_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:elite_sff_600_g9_desktop_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:elite_sff_800_g9_desktop_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:elite_tower_880_g9_desktop_pc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "elite_tower_880_g9_desktop_pc",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "02.12.02_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:elitedesk_800_g8_desktop_mini_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:elitedesk_800_g8_small_form_factor_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:elitedesk_800_g8_tower_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:elitedesk_880_g8_tower_pc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "elitedesk_880_g8_tower_pc",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "02.14.00_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:eliteone_800_g8_24_all-in-one_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:eliteone_800_g8_27_all-in-one_pc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "eliteone_800_g8_27_all-in-one_pc",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "02.14.00_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:pro_mini_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pro_mini_400_g9_desktop_pc",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "02.12.02_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:pro_sff_400_g9_desktop_pc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pro_sff_400_g9_desktop_pc",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "02.12.02_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:pro_tower_400_g9_desktop_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:pro_tower_480_g9_desktop_pc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pro_tower_480_g9_desktop_pc",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "02.12.02_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:z1_g8_tower_desktop_pc:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:z1_g9_tower_desktop_pc:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "z1_g9_tower_desktop_pc",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "02.12.02_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:z2_small_form_factor_g8_workstation:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:z2_small_form_factor_g9_workstation:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "z2_small_form_factor_g9_workstation",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "01.06.05_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:z2_mini_g9_workstation:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "z2_mini_g9_workstation",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "2.02.02_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:hp:z2_tower_g8_workstation:-:*:*:*:*:*:*:*",
              "cpe:2.3:h:hp:z2_tower_g9_workstation:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "z2_tower_g9_workstation",
            "vendor": "hp",
            "versions": [
              {
                "lessThan": "2.02.02_rev1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "LOW",
              "baseScore": 6.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48220",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T18:56:45.802429Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T14:33:44.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:10:58.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Certain HP Desktop PC products",
          "vendor": "HP Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "See HP Security Bulletin reference for affected versions."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T22:21:08.979Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "url": "https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.15"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2022-48220",
    "datePublished": "2024-02-14T22:21:08.979Z",
    "dateReserved": "2023-01-05T17:56:08.359Z",
    "dateUpdated": "2025-03-27T14:33:44.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-02874

CVE-2022-48220 (GCVE-0-2022-48220)

Tags

Sightings

Nomenclature