CVE-2022-37020
moderate-risk
Published 2024-06-10
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.
Do I need to act?
0.32% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 6.8/10 · Medium · LOCAL / LOW complexity
Affected Products (20)
Elite Slice for Meeting Rooms Firmware
EliteBook 1040 G3 Firmware
EliteBook 820 G3 Firmware
EliteBook 828 G3 Firmware
EliteBook 840 G3 Firmware
EliteBook 848 G3 Firmware
EliteBook 850 G3 Firmware
EliteBook Folio G1 Firmware
EliteDesk 800 35W G2 Desktop Mini PC Firmware
EliteDesk 800 65W G2 Desktop Mini PC Firmware
MP9 G2 Retail System Firmware
ProBook 440 G3 Firmware
ProBook 446 G3 Firmware
ProBook 470 G3 Firmware
ProBook 640 G2 Firmware
ProBook 650 G2 Firmware
Z2 Mini G3 Workstation Firmware
Z238 Microtower Workstation Firmware
Affected Vendors
References (2)
44 / 100 · moderate-risk
Severity
22/34 · High
Exploitability
1/34 · Minimal
Exposure
21/34 · High