CVE-2022-43779
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD
Description
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.
Affected (25)
Products: Hp: 348 G4 Firmware, 260 G2 Desktop Mini Firmware, 218 Pro G5 Mt Firmware, 260 G3 Desktop Mini Firmware, 260 G4 Desktop Mini Firmware, 280 G3 Microtower Pc Firmware, 280 G3 Pci Microtower Pc Firmware, 288 Pro G3 Microtower Pc Firmware, 290 G1 Microtower Firmware, Desktop Pro 300 G3 Firmware, Desktop Pro A 300 G3 Firmware, Desktop Pro A G2 Firmware, Desktop Pro A G2 Microtower Firmware, Desktop Pro A G3 Firmware, Desktop Pro A G3 Microtower Firmware, Desktop Pro G3 Firmware, Desktop Pro G3 Microtower Firmware, Desktop Pro Microtower Firmware, Zhan 66 Pro A G1 Microtower Firmware, Zhan 66 Pro A G1 R Microtower Firmware, Zhan 66 Pro G1 R Microtower Firmware, Zhan 86 Pro G1 Microtower Firmware, Rp2 Retail System 2000 Firmware, Rp2 Retail System 2020 Firmware, Rp2 Retail System 2030 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before f.65 |
| Running on/with | Platform Versions |
|---|---|
Hp 348 G4 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.26 |
| Running on/with | Platform Versions |
|---|---|
Hp 260 G2 Desktop Mini | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before f15 |
| Running on/with | Platform Versions |
|---|---|
Hp 218 Pro G5 Mt | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.20.00 |
| Running on/with | Platform Versions |
|---|---|
Hp 260 G3 Desktop Mini | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.12.00 |
| Running on/with | Platform Versions |
|---|---|
Hp 260 G4 Desktop Mini | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.02.40 |
| Running on/with | Platform Versions |
|---|---|
Hp 280 G3 Microtower Pc | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 02.02.40 |
| Running on/with | Platform Versions |
|---|---|
Hp 280 G3 Pci Microtower Pc | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.02.40 |
| Running on/with | Platform Versions |
|---|---|
Hp 288 Pro G3 Microtower Pc | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.02.40 |
| Running on/with | Platform Versions |
|---|---|
Hp 290 G1 Microtower | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before f15 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro 300 G3 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before f12 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro A 300 G3 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before f.11 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro A G2 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before f.11 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro A G2 Microtower | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before f12 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro A G3 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before f12 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro A G3 Microtower | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before f15 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro G3 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before f15 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro G3 Microtower | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.02.40 |
| Running on/with | Platform Versions |
|---|---|
Hp Desktop Pro Microtower | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before f.11 |
| Running on/with | Platform Versions |
|---|---|
Hp Zhan 66 Pro A G1 Microtower | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before f12 |
| Running on/with | Platform Versions |
|---|---|
Hp Zhan 66 Pro A G1 R Microtower | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before f15 |
| Running on/with | Platform Versions |
|---|---|
Hp Zhan 66 Pro G1 R Microtower | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.02.40 |
| Running on/with | Platform Versions |
|---|---|
Hp Zhan 86 Pro G1 Microtower | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.24 |
| Running on/with | Platform Versions |
|---|---|
Hp Rp2 Retail System 2000 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.24 |
| Running on/with | Platform Versions |
|---|---|
Hp Rp2 Retail System 2020 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.24 |
| Running on/with | Platform Versions |
|---|---|
Hp Rp2 Retail System 2030 | All versions |
References (2)
Source: hp-security-alert@hp.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.