TOCTOU Vulnerability in AMI UEFI Firmware for HP PCs
CVE-2022-43779
7HIGH
Key Information:
- Vendor
- HP
- Vendor
- CVE Published:
- 12 February 2023
Summary
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in certain HP PC products that utilize AMI UEFI Firmware. This flaw could allow an attacker to execute arbitrary code, potentially leading to denial of service or unauthorized information disclosure. HP has issued updates to mitigate this vulnerability, emphasizing the importance of keeping firmware up to date to protect against such security risks.
Affected Version(s)
HP PC products using AMI UEFI Firmware See HP Security Bulletin reference for affected versions.
References
CVSS V3.1
Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved