{"id": "CVE-2022-43779", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2023-02-12T04:15:16.060", "references": [{"url": "https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829", "tags": ["Patch", "Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability."}], "lastModified": "2024-11-21T07:27:14.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:348_g4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEE153A6-4830-4AFE-8686-7A565DA17AC8", "versionEndExcluding": "f.65"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:348_g4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49DAEC47-59F9-4DB5-9A7D-99ED68DE702E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:260_g2_desktop_mini_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "557E5418-A72F-4C32-A8A5-0BA2E6D86F76", "versionEndExcluding": "2.26"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:260_g2_desktop_mini:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B46A5A35-548C-4D8A-8615-155BE636D0DA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:218_pro_g5_mt_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8BC161C-763B-4245-92FA-DD3409C2CEBD", "versionEndExcluding": "f15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:218_pro_g5_mt:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "611B7336-44A2-4A6A-94A2-9C6A55E6B878"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:260_g3_desktop_mini_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28D3AFD7-5EC1-49CB-8940-31D54D34145D", "versionEndExcluding": "02.20.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:260_g3_desktop_mini:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F5AFD7D7-554B-426F-873E-F240A34C1178"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:260_g4_desktop_mini_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FE54A16-C1C9-4316-944B-185EB5DD8137", "versionEndExcluding": "02.12.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:260_g4_desktop_mini:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1A3C361-80EC-4776-9949-3CB5B4319A65"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:280_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F89E8E31-A6D5-41E8-B7DC-8B12EDD10689", "versionEndExcluding": "02.02.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:280_g3_microtower_pc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F80CC04F-9AAE-47B6-9F6D-A20E7FB58D57"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:280_g3_pci_microtower_pc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF066652-0581-4C5A-AF12-0D1425C70B26", "versionEndExcluding": "02.02.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:280_g3_pci_microtower_pc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6488C91D-C3B6-4DBC-AB84-66C034F12F85"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:288_pro_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "592EF5D6-CC6D-4AB5-9E9D-D1505D01043D", "versionEndExcluding": "00.02.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:288_pro_g3_microtower_pc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A33680A7-EB8D-45A4-8F3D-C7D1657471B5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:290_g1_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F87FB74C-93C1-42D5-99CC-955C84CAB676", "versionEndExcluding": "00.02.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:290_g1_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "916FDAB3-6BE7-4783-BCDA-03519A090755"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_300_g3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5E0D0B3-B543-43A0-BAE4-26D6360C1112", "versionEndExcluding": "f15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_300_g3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC1CA282-C10A-450C-AC5C-7D4DB28B7769"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_a_300_g3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C4A67C7-3B7F-4AB5-BC59-FC9C1DAC92F6", "versionEndExcluding": "f12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_a_300_g3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC252085-28AD-4B4B-B3F2-46A79EC4454E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_a_g2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C7D086F-37FD-4E6C-850F-84C6A1F82716", "versionEndExcluding": "f.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_a_g2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B71FF05-319E-4AF9-898A-535C47296918"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_a_g2_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7F4D44A-229F-4F20-A428-752C5C3653B0", "versionEndExcluding": "f.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_a_g2_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F2483BA-E501-46EE-9E65-A3B80A3354C9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_a_g3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C92281F0-A9A6-4A91-A476-D2297F19C9EB", "versionEndExcluding": "f12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_a_g3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEB20EDC-6674-40ED-8A47-B742837D1E29"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_a_g3_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEC30EED-1990-4D47-B1CD-1FB7E62BBC6E", "versionEndExcluding": "f12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_a_g3_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37108B1D-2BED-42D6-87A4-596E75FB645F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_g3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9E162B6-B3F4-4F58-91ED-186EC919D928", "versionEndExcluding": "f15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_g3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BABA54B2-6DD5-4CEE-A0DF-5C7B498E38BF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_g3_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0253ED0-B9FF-4050-8F6F-9D0A65511BB5", "versionEndExcluding": "f15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_g3_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DE0F273-92B2-448A-B8F1-7EB1F132B74A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:desktop_pro_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8053C388-2231-4DDB-AF1D-84A73FAE9925", "versionEndExcluding": "00.02.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:desktop_pro_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "260A0E1E-1B35-43A1-B0AF-696942DCC932"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:zhan_66_pro_a_g1_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3976A254-EA9D-4976-B041-98F1F8DA6130", "versionEndExcluding": "f.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:zhan_66_pro_a_g1_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B21CB1F-1AA7-4983-B89A-DB4F655F327B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:zhan_66_pro_a_g1_r_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1289BC6-AFF4-4FCE-A3AA-D5D6037F7549", "versionEndExcluding": "f12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:zhan_66_pro_a_g1_r_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "39465F25-77A7-401E-A198-B052064AA241"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:zhan_66_pro_g1_r_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10C50921-3336-47CF-BBC8-D94B924A29F8", "versionEndExcluding": "f15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:zhan_66_pro_g1_r_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44F52B8E-14B4-4967-B243-DFDB7037E6EC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:zhan_86_pro_g1_microtower_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56BDBFDB-5E52-47C5-923A-9E5C24795261", "versionEndExcluding": "00.02.40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:zhan_86_pro_g1_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AACFA1BA-C08E-4659-B6A7-E957DDB72C36"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:rp2_retail_system_2000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "864FDD6C-D435-4C96-A882-62120DA6E1D0", "versionEndExcluding": "2.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:rp2_retail_system_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56681D4A-2D4B-495F-85E3-635F51E7A63D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:rp2_retail_system_2020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACDD5962-2CCE-45F6-97E3-1F962EBD938D", "versionEndExcluding": "2.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:rp2_retail_system_2020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9270F8AA-88E9-456C-A571-3D2DF1D06363"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:rp2_retail_system_2030_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47F3C45A-3762-4EAB-BFC7-5D2EDD03D760", "versionEndExcluding": "2.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:rp2_retail_system_2030:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BAC73F0F-09F9-4916-B0DD-DB69D6699CB2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}