Lucene search

HpCVE-2022-27540

HistoryJun 28, 2024 - 7:15 p.m.

CVE-2022-27540

2024-06-2819:15:03

CWE-367

web.nvd.nist.gov

bios

toctou

vulnerability

pc products

arbitrary code execution

denial of service

information disclosure

bios updates

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

9.1%

JSON

A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

CNA Affected

[
  {
    "vendor": "HP Inc.",
    "product": "HP PC BIOS",
    "defaultStatus": "unknown",
    "versions": [
      {
        "version": "See HP Security Bulletin reference for affected versions.",
        "status": "affected"
      }
    ]
  }
]

References

support.hp.com/us-en/document/ish_10810714-10810745-16/hpsbhf03948

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-27540