CVE-2017-2751

Published: Oct 3, 2018Modified: Nov 21, 2024

4.6

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

Affected (34)

Products: Hp: Hp 240 G1 Firmware, Hp 245 G1 Firmware, Hp 1000 1300 Firmware, Hp 250 G1 Notebook Pc Firmware, Hp 255 G1 Notebook Pc Firmware, Hp Envy 15 J000 Firmware, Hp Envy 15 J100 Firmware, Hp Pavilion 15 N000 Firmware, Hp 246 Firmware, Hp 455 Firmware, Hp Envy 17 J100 Firmware, Hp Envy 17 J100 Leap Motion Se Firmware, Hp Split 13 G200 Firmware, Hp Envy 100 Firmware, Hp Pavilion 14 N000 Firmware, Hp Envy 14 K100 Firmware, Hp Spectre X2 13 Smb Pro Firmware, Hp Spectre 13 H200 Firmware, Hp Pavilion 15 N200 Firmware, Hp Pavilion 15 N300 Firmware, Hp Envy M6 N000 Firmware, Hp 255 G3 Firmware, Hp 14 G000 Firmware, Hp Pavilion 11 N000 Firmware, Hp 15 R000 Firmware, Hp 15 R500 Firmware, Hp Pavilion 10 F000 Firmware, Hp G14 A000 Firmware, Hp 14 R000 Firmware, Hp 240 G3 Firmware, Hp 246 G3 Firmware, Compaq Cq45 900 Firmware, Compaq 14 H000 Firmware, Compaq 14 S000 Firmware

34 products

Hp 240 G1 Firmware

Hp 245 G1 Firmware

Hp 1000 1300 Firmware

Hp 250 G1 Notebook Pc Firmware

Hp 255 G1 Notebook Pc Firmware

Hp Envy 15 J000 Firmware

Hp Envy 15 J100 Firmware

Hp Pavilion 15 N000 Firmware

Hp 246 Firmware

Hp 455 Firmware

Hp Envy 17 J100 Firmware

Hp Envy 17 J100 Leap Motion Se Firmware

Hp Split 13 G200 Firmware

Hp Envy 100 Firmware

Hp Pavilion 14 N000 Firmware

Hp Envy 14 K100 Firmware

Hp Spectre X2 13 Smb Pro Firmware

Hp Spectre 13 H200 Firmware

Hp Pavilion 15 N200 Firmware

Hp Pavilion 15 N300 Firmware

Hp Envy M6 N000 Firmware

Hp 255 G3 Firmware

Hp 14 G000 Firmware

Hp Pavilion 11 N000 Firmware

Hp 15 R000 Firmware

Hp 15 R500 Firmware

Hp Pavilion 10 F000 Firmware

Compaq Cq45 900 Firmware

Compaq 14 H000 Firmware

Compaq 14 S000 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 240 G1 Firmware	Before f.48

Running on/with	Platform Versions
Hp Hp 240 G1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 245 G1 Firmware	Before f.48

Running on/with	Platform Versions
Hp Hp 245 G1	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 1000 1300 Firmware	Before f.48

Running on/with	Platform Versions
Hp Hp 1000 1300	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 250 G1 Notebook Pc Firmware	Before f.47

Running on/with	Platform Versions
Hp Hp 250 G1 Notebook Pc	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 255 G1 Notebook Pc Firmware	Before f.47

Running on/with	Platform Versions
Hp Hp 255 G1 Notebook Pc	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Envy 15 J000 Firmware	Before f.22

Running on/with	Platform Versions
Hp Hp Envy 15 J000	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Envy 15 J100 Firmware	Before f.71

Running on/with	Platform Versions
Hp Hp Envy 15 J100	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Pavilion 15 N000 Firmware	Before f.72

Running on/with	Platform Versions
Hp Hp Pavilion 15 N000	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 246 Firmware	Before f.04

Running on/with	Platform Versions
Hp Hp 246	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 455 Firmware	Before f.08

Running on/with	Platform Versions
Hp Hp 455	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Envy 17 J100 Firmware	Before f.71

Running on/with	Platform Versions
Hp Hp Envy 17 J100	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Envy 17 J100 Leap Motion Se Firmware	Before f.71

Running on/with	Platform Versions
Hp Hp Envy 17 J100 Leap Motion Se	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Split 13 G200 Firmware	Before f.25

Running on/with	Platform Versions
Hp Hp Split 13 G200	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Envy 100 Firmware	Before f.22

Running on/with	Platform Versions
Hp Hp Envy 100	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Pavilion 14 N000 Firmware	Before f.72

Running on/with	Platform Versions
Hp Hp Pavilion 14 N000	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Envy 14 K100 Firmware	Before f.22

Running on/with	Platform Versions
Hp Hp Envy 14 K100	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Spectre X2 13 Smb Pro Firmware	Before f.25

Running on/with	Platform Versions
Hp Hp Spectre X2 13 Smb Pro	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Spectre 13 H200 Firmware	Before f.25

Running on/with	Platform Versions
Hp Hp Spectre 13 H200	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Pavilion 15 N200 Firmware	Before f.72

Running on/with	Platform Versions
Hp Hp Pavilion 15 N200	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Pavilion 15 N300 Firmware	Before f.72

Running on/with	Platform Versions
Hp Hp Pavilion 15 N300	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Envy M6 N000 Firmware	Before f.26

Running on/with	Platform Versions
Hp Hp Envy M6 N000	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 255 G3 Firmware	Before f.45

Running on/with	Platform Versions
Hp Hp 255 G3	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 14 G000 Firmware	Before f.45

Running on/with	Platform Versions
Hp Hp 14 G000	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Pavilion 11 N000 Firmware	Before f.2e

Running on/with	Platform Versions
Hp Hp Pavilion 11 N000	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 15 R000 Firmware	Before f.43

Running on/with	Platform Versions
Hp Hp 15 R000	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 15 R500 Firmware	Before f.43

Running on/with	Platform Versions
Hp Hp 15 R500	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp Pavilion 10 F000 Firmware	Before f.0e

Running on/with	Platform Versions
Hp Hp Pavilion 10 F000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp G14 A000 Firmware	Before f.06

Running on/with	Platform Versions
Hp Hp G14 A000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 14 R000 Firmware	Before f.43

Running on/with	Platform Versions
Hp Hp 14 R000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 240 G3 Firmware	Before f.43

Running on/with	Platform Versions
Hp Hp 240 G3	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Hp 246 G3 Firmware	Before f.43

Running on/with	Platform Versions
Hp Hp 246 G3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Compaq Cq45 900 Firmware	All versions

Running on/with	Platform Versions
Hp Compaq Cq45 900	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Compaq 14 H000 Firmware	All versions

Running on/with	Platform Versions
Hp Compaq 14 H000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Compaq 14 S000 Firmware	All versions

Running on/with	Platform Versions
Hp Compaq 14 S000	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://support.hp.com/us-en/document/c05913581

Source: hp-security-alert@hp.com

Vendor Advisory

https://support.hp.com/us-en/document/c05913581

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.