CVE-2022-37018

high-risk
Published 2022-12-12

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.

Do I need to act?

EPSS score: 0.04% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA
Patch status unknown: Check vendor advisories for fix availability and mitigation guidance
CVSS 8.4/10 High (LOCAL / LOW complexity)

Affected Products (20)

Z1 G3 Firmware
Z2 Mini G3 Firmware
Z238 Microtower Firmware
Z240 SFF Firmware
Z240 Tower Firmware
Engage One AIO System Firmware
MP9 G2 Retail System Firmware
EliteDesk 800 35W G2 Desktop Mini PC Firmware
EliteDesk 800 35W G3 Desktop Mini PC Firmware
EliteDesk 800 65W G2 Desktop Mini PC Firmware
EliteDesk 800 65W G3 Desktop Mini PC Firmware
EliteDesk 800 G2 SFF Firmware
EliteOne 800 G2 AIO Firmware
EliteOne 800 G3 Firmware
ProDesk 400 G3 DM Firmware
ProDesk 400 G4 Microtower Firmware
ProDesk 400 G4 SFF Firmware
ProDesk 480 G4 Microtower PC Firmware

Affected Vendors

HP

54 / 100 high-risk
Severity 26/34 · High
Exploitability 0/34 · Minimal
Exposure 28/34 · Critical