CVE-2022-48220

moderate-risk
Published 2024-02-14

Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities.

Do I need to act?

-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.4/10 Medium
PHYSICAL / LOW complexity

Affected Products (20)

Elite Mini 600 G9 Firmware
Elite Mini 800 G9 Firmware
Elite Sff 600 G9 Firmware
Elite Sff 800 G9 Firmware
Elite Tower 600 G9 Firmware
Elite Tower 680 G9 Firmware
Elite Tower 800 G9 Firmware
Elite Tower 880 G9 Firmware
Elitedesk 800 G8 Desktop Mini Firmware
Elitedesk 800 G8 Small Form Factor Firmware
Elitedesk 800 G8 Tower Firmware
Elitedesk 880 G8 Tower Firmware
Eliteone 800 G8 24 All-In-One Firmware
Eliteone 800 G8 27 All-In-One Firmware
Mini Conferencing Pc Firmware
Pro Mini 260 G9 Firmware
Pro Mini 400 G9 Firmware
Pro Sff 400 G9 Firmware
Pro Tower 400 G9 Firmware
Pro Tower 480 G9 Firmware

Affected Vendors

Hp

References (2)

Vendor Advisory https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907
Vendor Advisory https://support.hp.com/us-en/document/ish_10170895-10170920-16/hpsbhf03907
44
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 22/34 · High