CVE-2022-31642

high-risk
Published 2023-06-14

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Do I need to act?

-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (20)

Elite Tower 800 G9 Firmware
Elite Tower 880 G9 Firmware
Elitedesk 705 G4 Firmware
Elitedesk 705 G5 Firmware
Elitedesk 800 G3 Firmware
Elitedesk 800 G4 Firmware
Elitedesk 800 G5 Firmware
Elitedesk 800 G6 Firmware
Elitedesk 800 G8 Firmware
Elitedesk 805 G6 Firmware
Elitedesk 805 G8 Firmware
Elitedesk 880 G3 Firmware
Elitedesk 880 G4 Firmware
Elitedesk 880 G5 Firmware
Elitedesk 880 G6 Firmware
Elitedesk 880 G8 Firmware
Eliteone 1000 G1 Firmware
Eliteone 1000 G2 Firmware
Eliteone 800 G3 Healthcare Edition Firmware
Eliteone 800 G3 Firmware

Affected Vendors

Hp

References (2)

Vendor Advisory https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805
Vendor Advisory https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805
52
/ 100
high-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 33/34 · Critical