fkie_cve-2022-43779
Vulnerability from fkie_nvd
Published
2023-02-12 04:15
Modified
2025-03-25 21:15
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| hp-security-alert@hp.com | https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:348_g4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FEE153A6-4830-4AFE-8686-7A565DA17AC8", versionEndExcluding: "f.65", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:348_g4:-:*:*:*:*:*:*:*", matchCriteriaId: "49DAEC47-59F9-4DB5-9A7D-99ED68DE702E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:260_g2_desktop_mini_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "557E5418-A72F-4C32-A8A5-0BA2E6D86F76", versionEndExcluding: "2.26", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:260_g2_desktop_mini:-:*:*:*:*:*:*:*", matchCriteriaId: "B46A5A35-548C-4D8A-8615-155BE636D0DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:218_pro_g5_mt_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A8BC161C-763B-4245-92FA-DD3409C2CEBD", versionEndExcluding: "f15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:218_pro_g5_mt:-:*:*:*:*:*:*:*", matchCriteriaId: "611B7336-44A2-4A6A-94A2-9C6A55E6B878", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:260_g3_desktop_mini_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "28D3AFD7-5EC1-49CB-8940-31D54D34145D", versionEndExcluding: "02.20.00", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:260_g3_desktop_mini:-:*:*:*:*:*:*:*", matchCriteriaId: "F5AFD7D7-554B-426F-873E-F240A34C1178", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:260_g4_desktop_mini_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3FE54A16-C1C9-4316-944B-185EB5DD8137", versionEndExcluding: "02.12.00", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:260_g4_desktop_mini:-:*:*:*:*:*:*:*", matchCriteriaId: "B1A3C361-80EC-4776-9949-3CB5B4319A65", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:280_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F89E8E31-A6D5-41E8-B7DC-8B12EDD10689", versionEndExcluding: "02.02.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:280_g3_microtower_pc:-:*:*:*:*:*:*:*", matchCriteriaId: "F80CC04F-9AAE-47B6-9F6D-A20E7FB58D57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:280_g3_pci_microtower_pc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF066652-0581-4C5A-AF12-0D1425C70B26", versionEndExcluding: "02.02.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:280_g3_pci_microtower_pc:-:*:*:*:*:*:*:*", matchCriteriaId: "6488C91D-C3B6-4DBC-AB84-66C034F12F85", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:288_pro_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "592EF5D6-CC6D-4AB5-9E9D-D1505D01043D", versionEndExcluding: "00.02.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:288_pro_g3_microtower_pc:-:*:*:*:*:*:*:*", matchCriteriaId: "A33680A7-EB8D-45A4-8F3D-C7D1657471B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:290_g1_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F87FB74C-93C1-42D5-99CC-955C84CAB676", versionEndExcluding: "00.02.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:290_g1_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "916FDAB3-6BE7-4783-BCDA-03519A090755", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_300_g3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B5E0D0B3-B543-43A0-BAE4-26D6360C1112", versionEndExcluding: "f15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_300_g3:-:*:*:*:*:*:*:*", matchCriteriaId: "CC1CA282-C10A-450C-AC5C-7D4DB28B7769", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_a_300_g3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C4A67C7-3B7F-4AB5-BC59-FC9C1DAC92F6", versionEndExcluding: "f12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_a_300_g3:-:*:*:*:*:*:*:*", matchCriteriaId: "CC252085-28AD-4B4B-B3F2-46A79EC4454E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_a_g2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7C7D086F-37FD-4E6C-850F-84C6A1F82716", versionEndExcluding: "f.11", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_a_g2:-:*:*:*:*:*:*:*", matchCriteriaId: "1B71FF05-319E-4AF9-898A-535C47296918", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_a_g2_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D7F4D44A-229F-4F20-A428-752C5C3653B0", versionEndExcluding: "f.11", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_a_g2_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "2F2483BA-E501-46EE-9E65-A3B80A3354C9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_a_g3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C92281F0-A9A6-4A91-A476-D2297F19C9EB", versionEndExcluding: "f12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_a_g3:-:*:*:*:*:*:*:*", matchCriteriaId: "AEB20EDC-6674-40ED-8A47-B742837D1E29", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_a_g3_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CEC30EED-1990-4D47-B1CD-1FB7E62BBC6E", versionEndExcluding: "f12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_a_g3_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "37108B1D-2BED-42D6-87A4-596E75FB645F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_g3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F9E162B6-B3F4-4F58-91ED-186EC919D928", versionEndExcluding: "f15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_g3:-:*:*:*:*:*:*:*", matchCriteriaId: "BABA54B2-6DD5-4CEE-A0DF-5C7B498E38BF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_g3_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B0253ED0-B9FF-4050-8F6F-9D0A65511BB5", versionEndExcluding: "f15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_g3_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "1DE0F273-92B2-448A-B8F1-7EB1F132B74A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:desktop_pro_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8053C388-2231-4DDB-AF1D-84A73FAE9925", versionEndExcluding: "00.02.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:desktop_pro_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "260A0E1E-1B35-43A1-B0AF-696942DCC932", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:zhan_66_pro_a_g1_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3976A254-EA9D-4976-B041-98F1F8DA6130", versionEndExcluding: "f.11", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:zhan_66_pro_a_g1_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "9B21CB1F-1AA7-4983-B89A-DB4F655F327B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:zhan_66_pro_a_g1_r_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A1289BC6-AFF4-4FCE-A3AA-D5D6037F7549", versionEndExcluding: "f12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:zhan_66_pro_a_g1_r_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "39465F25-77A7-401E-A198-B052064AA241", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:zhan_66_pro_g1_r_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "10C50921-3336-47CF-BBC8-D94B924A29F8", versionEndExcluding: "f15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:zhan_66_pro_g1_r_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "44F52B8E-14B4-4967-B243-DFDB7037E6EC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:zhan_86_pro_g1_microtower_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56BDBFDB-5E52-47C5-923A-9E5C24795261", versionEndExcluding: "00.02.40", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:zhan_86_pro_g1_microtower:-:*:*:*:*:*:*:*", matchCriteriaId: "AACFA1BA-C08E-4659-B6A7-E957DDB72C36", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:rp2_retail_system_2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "864FDD6C-D435-4C96-A882-62120DA6E1D0", versionEndExcluding: "2.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:rp2_retail_system_2000:-:*:*:*:*:*:*:*", matchCriteriaId: "56681D4A-2D4B-495F-85E3-635F51E7A63D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:rp2_retail_system_2020_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACDD5962-2CCE-45F6-97E3-1F962EBD938D", versionEndExcluding: "2.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:rp2_retail_system_2020:-:*:*:*:*:*:*:*", matchCriteriaId: "9270F8AA-88E9-456C-A571-3D2DF1D06363", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:rp2_retail_system_2030_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47F3C45A-3762-4EAB-BFC7-5D2EDD03D760", versionEndExcluding: "2.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:rp2_retail_system_2030:-:*:*:*:*:*:*:*", matchCriteriaId: "BAC73F0F-09F9-4916-B0DD-DB69D6699CB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.", }, ], id: "CVE-2022-43779", lastModified: "2025-03-25T21:15:37.933", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-12T04:15:16.060", references: [ { source: "hp-security-alert@hp.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829", }, ], sourceIdentifier: "hp-security-alert@hp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-367", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-367", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.