HP Discloses High-Severity Vulnerabilities Affecting System BIOS of certain HP PC products
August 10, 2022
HP issued an announcement stating that vulnerabilities have been detected in the system BIOS of select HP PC models, which may lead to arbitrary code execution, privilege escalation, denial of service, and information leakage.
HP is currently working on the patches and will deploy BIOS upgrades in the future to address these potential vulnerabilities.
The High Severity Vulnerabilities
- CVE-2022-31645 (CVSS 3.1: 8.2, High Severity)
- CVE-2022-31646 (CVSS 3.1: 8.2, High Severity)
- CVE-2022-27537 (CVSS 3.1: 7.8, High Severity)
- CVE-2022-31644 (CVSS 3.1: 7.5, High Severity)
Affected Products
Among the affected products are Business Notebook PCs, Business Desktop PCs, Retail Point-of-Sale systems, Workstations and Thin Client PCs.
The full product list is available in the advisory.
Mitigation
Although no patches have been released yet, CYREBRO strongly recommends that users of these products closely follow any update releases from HP.
References: HP Advisory