HP BIOS Vulnerabilities Could Lead to Privilege Escalation and Code Execution
CVE-2022-37019

6.8MEDIUM

Key Information:

Vendor: HP
Status: HP Pc Products
Vendor: CVE Published:; 10 June 2024

What is CVE-2022-37019?

A series of potential vulnerabilities have been identified in the system BIOS of certain HP PC products. These vulnerabilities could potentially allow unauthorized escalation of privileges, enabling attackers to execute arbitrary code. HP has recognized the critical nature of these vulnerabilities and is proactively issuing firmware updates to address and mitigate the associated risks. Users are encouraged to apply the latest updates to enhance system security and prevent potential exploits.

Affected Version(s)

HP PC products See HP security bulletin reference for affected versions

References

https://support.hp.com/us-en/document/ish_10737430-107374...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
Jul 28, 2022