cve-2022-43779
Vulnerability from cvelistv5
Published
2023-02-03 16:42
Modified
2024-08-03 13:40
Severity ?
Summary
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.
References
hp-security-alert@hp.comhttps://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829Patch, Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HP PC products using AMI UEFI Firmware",
          "vendor": "HP Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "See HP Security Bulletin reference for affected versions."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-12T01:45:42.615671Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "url": "https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2022-43779",
    "datePublished": "2023-02-03T16:42:10.283Z",
    "dateReserved": "2022-10-26T14:39:32.656Z",
    "dateUpdated": "2024-08-03T13:40:06.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:348_g4_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f.65\", \"matchCriteriaId\": \"FEE153A6-4830-4AFE-8686-7A565DA17AC8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:348_g4:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49DAEC47-59F9-4DB5-9A7D-99ED68DE702E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:260_g2_desktop_mini_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.26\", \"matchCriteriaId\": \"557E5418-A72F-4C32-A8A5-0BA2E6D86F76\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:260_g2_desktop_mini:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B46A5A35-548C-4D8A-8615-155BE636D0DA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:218_pro_g5_mt_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f15\", \"matchCriteriaId\": \"A8BC161C-763B-4245-92FA-DD3409C2CEBD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:218_pro_g5_mt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"611B7336-44A2-4A6A-94A2-9C6A55E6B878\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:260_g3_desktop_mini_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"02.20.00\", \"matchCriteriaId\": \"28D3AFD7-5EC1-49CB-8940-31D54D34145D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:260_g3_desktop_mini:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5AFD7D7-554B-426F-873E-F240A34C1178\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:260_g4_desktop_mini_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"02.12.00\", \"matchCriteriaId\": \"3FE54A16-C1C9-4316-944B-185EB5DD8137\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:260_g4_desktop_mini:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1A3C361-80EC-4776-9949-3CB5B4319A65\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:280_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"02.02.40\", \"matchCriteriaId\": \"F89E8E31-A6D5-41E8-B7DC-8B12EDD10689\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:280_g3_microtower_pc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F80CC04F-9AAE-47B6-9F6D-A20E7FB58D57\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:280_g3_pci_microtower_pc_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"02.02.40\", \"matchCriteriaId\": \"BF066652-0581-4C5A-AF12-0D1425C70B26\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:280_g3_pci_microtower_pc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6488C91D-C3B6-4DBC-AB84-66C034F12F85\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:288_pro_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"00.02.40\", \"matchCriteriaId\": \"592EF5D6-CC6D-4AB5-9E9D-D1505D01043D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:288_pro_g3_microtower_pc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A33680A7-EB8D-45A4-8F3D-C7D1657471B5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:290_g1_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"00.02.40\", \"matchCriteriaId\": \"F87FB74C-93C1-42D5-99CC-955C84CAB676\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:290_g1_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"916FDAB3-6BE7-4783-BCDA-03519A090755\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_300_g3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f15\", \"matchCriteriaId\": \"B5E0D0B3-B543-43A0-BAE4-26D6360C1112\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_300_g3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC1CA282-C10A-450C-AC5C-7D4DB28B7769\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_a_300_g3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f12\", \"matchCriteriaId\": \"9C4A67C7-3B7F-4AB5-BC59-FC9C1DAC92F6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_a_300_g3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC252085-28AD-4B4B-B3F2-46A79EC4454E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_a_g2_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f.11\", \"matchCriteriaId\": \"7C7D086F-37FD-4E6C-850F-84C6A1F82716\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_a_g2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B71FF05-319E-4AF9-898A-535C47296918\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_a_g2_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f.11\", \"matchCriteriaId\": \"D7F4D44A-229F-4F20-A428-752C5C3653B0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_a_g2_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F2483BA-E501-46EE-9E65-A3B80A3354C9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_a_g3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f12\", \"matchCriteriaId\": \"C92281F0-A9A6-4A91-A476-D2297F19C9EB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_a_g3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEB20EDC-6674-40ED-8A47-B742837D1E29\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_a_g3_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f12\", \"matchCriteriaId\": \"CEC30EED-1990-4D47-B1CD-1FB7E62BBC6E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_a_g3_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37108B1D-2BED-42D6-87A4-596E75FB645F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_g3_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f15\", \"matchCriteriaId\": \"F9E162B6-B3F4-4F58-91ED-186EC919D928\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_g3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BABA54B2-6DD5-4CEE-A0DF-5C7B498E38BF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_g3_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f15\", \"matchCriteriaId\": \"B0253ED0-B9FF-4050-8F6F-9D0A65511BB5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_g3_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DE0F273-92B2-448A-B8F1-7EB1F132B74A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:desktop_pro_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"00.02.40\", \"matchCriteriaId\": \"8053C388-2231-4DDB-AF1D-84A73FAE9925\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:desktop_pro_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"260A0E1E-1B35-43A1-B0AF-696942DCC932\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:zhan_66_pro_a_g1_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f.11\", \"matchCriteriaId\": \"3976A254-EA9D-4976-B041-98F1F8DA6130\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:zhan_66_pro_a_g1_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B21CB1F-1AA7-4983-B89A-DB4F655F327B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:zhan_66_pro_a_g1_r_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f12\", \"matchCriteriaId\": \"A1289BC6-AFF4-4FCE-A3AA-D5D6037F7549\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:zhan_66_pro_a_g1_r_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39465F25-77A7-401E-A198-B052064AA241\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:zhan_66_pro_g1_r_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f15\", \"matchCriteriaId\": \"10C50921-3336-47CF-BBC8-D94B924A29F8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:zhan_66_pro_g1_r_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44F52B8E-14B4-4967-B243-DFDB7037E6EC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:zhan_86_pro_g1_microtower_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"00.02.40\", \"matchCriteriaId\": \"56BDBFDB-5E52-47C5-923A-9E5C24795261\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:zhan_86_pro_g1_microtower:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AACFA1BA-C08E-4659-B6A7-E957DDB72C36\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:rp2_retail_system_2000_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.24\", \"matchCriteriaId\": \"864FDD6C-D435-4C96-A882-62120DA6E1D0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:rp2_retail_system_2000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56681D4A-2D4B-495F-85E3-635F51E7A63D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:rp2_retail_system_2020_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.24\", \"matchCriteriaId\": \"ACDD5962-2CCE-45F6-97E3-1F962EBD938D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:rp2_retail_system_2020:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9270F8AA-88E9-456C-A571-3D2DF1D06363\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:rp2_retail_system_2030_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.24\", \"matchCriteriaId\": \"47F3C45A-3762-4EAB-BFC7-5D2EDD03D760\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:rp2_retail_system_2030:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAC73F0F-09F9-4916-B0DD-DB69D6699CB2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.\"}]",
      "id": "CVE-2022-43779",
      "lastModified": "2024-11-21T07:27:14.187",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}]}",
      "published": "2023-02-12T04:15:16.060",
      "references": "[{\"url\": \"https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829\", \"source\": \"hp-security-alert@hp.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "hp-security-alert@hp.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-367\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-43779\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2023-02-12T04:15:16.060\",\"lastModified\":\"2024-11-21T07:27:14.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:348_g4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f.65\",\"matchCriteriaId\":\"FEE153A6-4830-4AFE-8686-7A565DA17AC8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:348_g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DAEC47-59F9-4DB5-9A7D-99ED68DE702E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:260_g2_desktop_mini_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.26\",\"matchCriteriaId\":\"557E5418-A72F-4C32-A8A5-0BA2E6D86F76\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:260_g2_desktop_mini:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B46A5A35-548C-4D8A-8615-155BE636D0DA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:218_pro_g5_mt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f15\",\"matchCriteriaId\":\"A8BC161C-763B-4245-92FA-DD3409C2CEBD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:218_pro_g5_mt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"611B7336-44A2-4A6A-94A2-9C6A55E6B878\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:260_g3_desktop_mini_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"02.20.00\",\"matchCriteriaId\":\"28D3AFD7-5EC1-49CB-8940-31D54D34145D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:260_g3_desktop_mini:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5AFD7D7-554B-426F-873E-F240A34C1178\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:260_g4_desktop_mini_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"02.12.00\",\"matchCriteriaId\":\"3FE54A16-C1C9-4316-944B-185EB5DD8137\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:260_g4_desktop_mini:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1A3C361-80EC-4776-9949-3CB5B4319A65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:280_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"02.02.40\",\"matchCriteriaId\":\"F89E8E31-A6D5-41E8-B7DC-8B12EDD10689\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:280_g3_microtower_pc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80CC04F-9AAE-47B6-9F6D-A20E7FB58D57\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:280_g3_pci_microtower_pc_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"02.02.40\",\"matchCriteriaId\":\"BF066652-0581-4C5A-AF12-0D1425C70B26\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:280_g3_pci_microtower_pc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6488C91D-C3B6-4DBC-AB84-66C034F12F85\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:288_pro_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"00.02.40\",\"matchCriteriaId\":\"592EF5D6-CC6D-4AB5-9E9D-D1505D01043D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:288_pro_g3_microtower_pc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A33680A7-EB8D-45A4-8F3D-C7D1657471B5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:290_g1_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"00.02.40\",\"matchCriteriaId\":\"F87FB74C-93C1-42D5-99CC-955C84CAB676\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:290_g1_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"916FDAB3-6BE7-4783-BCDA-03519A090755\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_300_g3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f15\",\"matchCriteriaId\":\"B5E0D0B3-B543-43A0-BAE4-26D6360C1112\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_300_g3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC1CA282-C10A-450C-AC5C-7D4DB28B7769\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_a_300_g3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f12\",\"matchCriteriaId\":\"9C4A67C7-3B7F-4AB5-BC59-FC9C1DAC92F6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_a_300_g3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC252085-28AD-4B4B-B3F2-46A79EC4454E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_a_g2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f.11\",\"matchCriteriaId\":\"7C7D086F-37FD-4E6C-850F-84C6A1F82716\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_a_g2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B71FF05-319E-4AF9-898A-535C47296918\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_a_g2_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f.11\",\"matchCriteriaId\":\"D7F4D44A-229F-4F20-A428-752C5C3653B0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_a_g2_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F2483BA-E501-46EE-9E65-A3B80A3354C9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_a_g3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f12\",\"matchCriteriaId\":\"C92281F0-A9A6-4A91-A476-D2297F19C9EB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_a_g3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEB20EDC-6674-40ED-8A47-B742837D1E29\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_a_g3_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f12\",\"matchCriteriaId\":\"CEC30EED-1990-4D47-B1CD-1FB7E62BBC6E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_a_g3_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37108B1D-2BED-42D6-87A4-596E75FB645F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_g3_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f15\",\"matchCriteriaId\":\"F9E162B6-B3F4-4F58-91ED-186EC919D928\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_g3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BABA54B2-6DD5-4CEE-A0DF-5C7B498E38BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_g3_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f15\",\"matchCriteriaId\":\"B0253ED0-B9FF-4050-8F6F-9D0A65511BB5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_g3_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DE0F273-92B2-448A-B8F1-7EB1F132B74A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:desktop_pro_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"00.02.40\",\"matchCriteriaId\":\"8053C388-2231-4DDB-AF1D-84A73FAE9925\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:desktop_pro_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260A0E1E-1B35-43A1-B0AF-696942DCC932\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:zhan_66_pro_a_g1_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f.11\",\"matchCriteriaId\":\"3976A254-EA9D-4976-B041-98F1F8DA6130\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:zhan_66_pro_a_g1_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B21CB1F-1AA7-4983-B89A-DB4F655F327B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:zhan_66_pro_a_g1_r_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f12\",\"matchCriteriaId\":\"A1289BC6-AFF4-4FCE-A3AA-D5D6037F7549\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:zhan_66_pro_a_g1_r_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39465F25-77A7-401E-A198-B052064AA241\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:zhan_66_pro_g1_r_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f15\",\"matchCriteriaId\":\"10C50921-3336-47CF-BBC8-D94B924A29F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:zhan_66_pro_g1_r_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44F52B8E-14B4-4967-B243-DFDB7037E6EC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:zhan_86_pro_g1_microtower_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"00.02.40\",\"matchCriteriaId\":\"56BDBFDB-5E52-47C5-923A-9E5C24795261\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:zhan_86_pro_g1_microtower:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AACFA1BA-C08E-4659-B6A7-E957DDB72C36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:rp2_retail_system_2000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.24\",\"matchCriteriaId\":\"864FDD6C-D435-4C96-A882-62120DA6E1D0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:rp2_retail_system_2000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56681D4A-2D4B-495F-85E3-635F51E7A63D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:rp2_retail_system_2020_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.24\",\"matchCriteriaId\":\"ACDD5962-2CCE-45F6-97E3-1F962EBD938D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:rp2_retail_system_2020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9270F8AA-88E9-456C-A571-3D2DF1D06363\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:rp2_retail_system_2030_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.24\",\"matchCriteriaId\":\"47F3C45A-3762-4EAB-BFC7-5D2EDD03D760\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:rp2_retail_system_2030:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAC73F0F-09F9-4916-B0DD-DB69D6699CB2\"}]}]}],\"references\":[{\"url\":\"https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.