HP Desktop PCs Vulnerable to Physical Attack Bypass
CVE-2022-48220

6.4MEDIUM

Key Information:

Vendor: HP
Status: Certain HP Desktop Pc Products
Vendor: CVE Published:; 14 February 2024

What is CVE-2022-48220?

Certain HP Desktop PCs utilizing the TamperLock feature have been found to exhibit vulnerabilities that may be exploited through physical attacks, potentially bypassing intrusion detection mechanisms. HP is addressing these issues by providing firmware updates and guidance designed to strengthen the security posture of affected devices. Organizations using these desktops should prioritize applying the latest firmware to protect against potential exploitation.

Affected Version(s)

Certain HP Desktop PC products See HP Security Bulletin reference for affected versions.

References

https://support.hp.com/us-en/document/ish_10170895-101709...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2024
Vulnerability Reserved
Jan 5, 2023