CVE-2017-2751
moderate-risk
Published 2018-10-03
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
Do I need to act?
4.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 4.6/10 · Medium · PHYSICAL / LOW complexity
Affected Products (20)
HP 240 G1 Firmware
HP 245 G1 Firmware
HP 1000-1300 Firmware
HP 250 G1 Notebook Pc Firmware
HP 255 G1 Notebook Pc Firmware
HP Envy 15-J000 Firmware
HP Envy 15-J100 Firmware
HP Pavilion 15-N000 Firmware
HP 246 Firmware
HP 455 Firmware
HP Envy 17 J100 Firmware
HP Envy 17-J100 Leap Motion Se Firmware
HP Split 13-G200 Firmware
HP Envy 100 Firmware
HP Pavilion 14-N000 Firmware
HP Envy 14-K100 Firmware
HP Spectre X2 13-Smb Pro Firmware
HP Spectre 13-H200 Firmware
HP Pavilion 15-N200 Firmware
HP Pavilion 15-N300 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.hp.com/us-en/document/c05913581
47 / 100 · moderate-risk
Severity: 16/34 · Moderate
Exploitability: 8/34 · Low
Exposure: 23/34 · High