Attacker Value
Unknown
0
CVE-2022-37018
0
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2022-37018
(Last updated October 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
MITRE ATT&CK
Select the MITRE ATT&CK Tactics that apply to this CVE
Collection
Select any Techniques used:
Command and Control
Select any Techniques used:
Credential Access
Select any Techniques used:
Defense Evasion
Select any Techniques used:
Discovery
Select any Techniques used:
Execution
Select any Techniques used:
Exfiltration
Select any Techniques used:
Impact
Select any Techniques used:
Initial Access
Select any Techniques used:
Lateral Movement
Select any Techniques used:
Persistence
Select any Techniques used:
Privilege Escalation
Select any Techniques used:
Topic Tags
Select the tags that apply to this CVE (Assessment added tags are disabled and cannot be removed)
What makes this of high-value to an attacker?
What makes this of low-value to an attacker?
Description
A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
8.4 High
Impact Score:
5.9
Exploitability Score:
2.5
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
HP PC BIOS See HP Security Bulletin reference for affected versions.
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown
Vendors
Products
- elite slice firmware,
- elite x2 1012 g1 firmware,
- elite x2 1012 g2 firmware,
- elitebook 1030 g1 firmware,
- elitebook 1040 g3 firmware,
- elitebook 1040 g4 firmware,
- elitebook 820 g3 firmware,
- elitebook 820 g4 firmware,
- elitebook 828 g3 firmware,
- elitebook 828 g4 firmware,
- elitebook 840 g3 firmware,
- elitebook 840 g4 firmware,
- elitebook 848 g3 firmware,
- elitebook 848 g4 firmware,
- elitebook 850 g3 firmware,
- elitebook 850 g4 firmware,
- elitebook folio g1 firmware,
- elitebook x360 1020 g2 firmware,
- elitebook x360 1030 g2 firmware,
- elitedesk 800 35w g2 desktop mini pc firmware,
- elitedesk 800 35w g3 desktop mini pc firmware,
- elitedesk 800 65w g2 desktop mini pc firmware,
- elitedesk 800 65w g3 desktop mini pc firmware,
- elitedesk 800 g2 sff firmware,
- eliteone 800 g2 aio firmware,
- eliteone 800 g3 firmware,
- engage one aio system firmware,
- mp9 g2 retail system firmware,
- pro x2 612 g2 firmware,
- probook 11 g2 firmware,
- probook 430 g4 firmware,
- probook 440 g3 firmware,
- probook 440 g4 firmware,
- probook 446 g3 firmware,
- probook 450 g4 firmware,
- probook 470 g3 firmware,
- probook 470 g4 firmware,
- probook 640 g2 firmware,
- probook 640 g3 firmware,
- probook 650 g2 firmware,
- probook 650 g3 firmware,
- probook x360 11 g2 firmware,
- prodesk 400 g3 dm firmware,
- prodesk 400 g4 microtower firmware,
- prodesk 400 g4 sff firmware,
- prodesk 480 g4 microtower pc firmware,
- prodesk 600 g2 dm firmware,
- prodesk 600 g2 microtower pc firmware,
- prodesk 600 g2 sff firmware,
- prodesk 600 g3 desktop mini firmware,
- prodesk 600 g3 microtower pc firmware,
- prodesk 600 g3 sff firmware,
- prodesk 680 g2 microtower pc firmware,
- prodesk 680 g3 microtower pc firmware,
- proone 400 g2 aio firmware,
- proone 400 g3 aio firmware,
- proone 480 g3 firmware,
- proone 600 g2 aio firmware,
- proone 600 g3 firmware,
- rp9 g1 retail system firmware,
- z1 g3 firmware,
- z2 mini g3 firmware,
- z238 microtower firmware,
- z240 sff firmware,
- z240 tower firmware,
- zbook 14u g4 firmware,
- zbook 15 g3 firmware,
- zbook 15 g4 firmware,
- zbook 15u g3 firmware,
- zbook 15u g4 firmware,
- zbook 17 g3 firmware,
- zbook 17 g4 firmware,
- zbook studio g3 firmware,
- zbook studio g4 firmware,
- zbook studio x2 g4 firmware
References
Additional Info
Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Rapid7
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
