CVE-2022-37019

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 4.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943	Vendor Advisory
https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:elite_slice_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elite_slice:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:elite_slice_for_meeting_rooms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elite_slice_for_meeting_rooms:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:elitebook_1040_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitebook_1040_g3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:elitebook_820_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitebook_820_g3:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:elitebook_828_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitebook_828_g3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:elitebook_840_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitebook_840_g3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:elitebook_848_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitebook_848_g3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:elitebook_850_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitebook_850_g3:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:hp:elitebook_folio_g1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitebook_folio_g1:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:hp:elitedesk_800_35w_g2_desktop_mini_pc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitedesk_800_35w_g2_desktop_mini_pc:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:hp:elitedesk_800_65w_g2_desktop_mini_pc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitedesk_800_65w_g2_desktop_mini_pc:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:hp:mp9_g2_retail_system_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:mp9_g2_retail_system:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:hp:probook_440_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:probook_440_g3:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:hp:probook_446_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:probook_446_g3:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:hp:probook_470_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:probook_470_g3:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:hp:probook_640_g2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:probook_640_g2:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:hp:probook_650_g2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:probook_650_g2:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:hp:rp9_g1_retail_system_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:rp9_g1_retail_system:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:hp:z2_mini_g3_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_mini_g3_workstation:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:hp:z238_microtower_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z238_microtower_workstation:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:hp:z240_small_form_factor_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z240_small_form_factor_workstation:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:hp:z240_tower_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z240_tower_workstation:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:hp:zbook_15_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:zbook_15_g3:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:hp:zbook_15u_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:zbook_15u_g3:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:hp:zbook_17_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:zbook_17_g3:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:hp:zbook_studio_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:zbook_studio_g3:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-06-10 23:15

Updated : 2026-01-14 16:40

NVD link : CVE-2022-37019

Mitre link : CVE-2022-37019

CVE.ORG link : CVE-2022-37019

JSON object : View

Products Affected

probook_440_g3
zbook_15u_g3_firmware
zbook_15u_g3
probook_650_g2
mp9_g2_retail_system_firmware
z238_microtower_workstation_firmware
elitedesk_800_35w_g2_desktop_mini_pc_firmware
elite_slice
elitedesk_800_35w_g2_desktop_mini_pc
elitebook_840_g3_firmware
probook_446_g3
elite_slice_for_meeting_rooms_firmware
elitebook_820_g3
probook_440_g3_firmware
rp9_g1_retail_system
elitebook_folio_g1
zbook_studio_g3_firmware
zbook_studio_g3
elitebook_848_g3_firmware
elitebook_848_g3
elitedesk_800_65w_g2_desktop_mini_pc_firmware
mp9_g2_retail_system
z240_small_form_factor_workstation_firmware
z240_tower_workstation_firmware
z240_tower_workstation
elitebook_828_g3_firmware
elitebook_folio_g1_firmware
elitebook_1040_g3
zbook_15_g3_firmware
elitedesk_800_65w_g2_desktop_mini_pc
zbook_17_g3
probook_470_g3_firmware
zbook_15_g3
elitebook_840_g3
elitebook_820_g3_firmware
z238_microtower_workstation
probook_446_g3_firmware
elitebook_1040_g3_firmware
elite_slice_firmware
elitebook_850_g3_firmware
zbook_17_g3_firmware
z240_small_form_factor_workstation
probook_640_g2_firmware
probook_640_g2
rp9_g1_retail_system_firmware
elitebook_828_g3
elite_slice_for_meeting_rooms
probook_470_g3
probook_650_g2_firmware
z2_mini_g3_workstation_firmware
z2_mini_g3_workstation
elitebook_850_g3

CWE

CWE-269

Improper Privilege Management

6.8 /10