CVE-2022-43779

EUVD-2022-46749
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
hp260_g2_desktop_mini_firmware
𝑥
< 2.26
hp260_g3_desktop_mini_firmware
𝑥
< 02.20.00
hp260_g4_desktop_mini_firmware
𝑥
< 02.12.00
hp280_g3_microtower_pc_firmware
𝑥
< 02.02.40
hp280_g3_pci_microtower_pc_firmware
𝑥
< 02.02.40
hp288_pro_g3_microtower_pc_firmware
𝑥
< 00.02.40
hp290_g1_microtower_firmware
𝑥
< 00.02.40
hpdesktop_pro_microtower_firmware
𝑥
< 00.02.40
hpzhan_86_pro_g1_microtower_firmware
𝑥
< 00.02.40
hprp2_retail_system_2000_firmware
𝑥
< 2.24
hprp2_retail_system_2020_firmware
𝑥
< 2.24
hprp2_retail_system_2030_firmware
𝑥
< 2.24
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829
https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829