CVE-2022-43779
- EPSS 0.14%
- Published 12.02.2023 04:15:16
- Last modified 25.03.2025 21:15:37
- Source hp-security-alert@hp.com
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.
Data provided by the National Vulnerability Database (NVD)
Hp ≫ 348 G4 Firmware Version < f.65
Hp ≫ 260 G2 Desktop Mini Firmware Version < 2.26
Hp ≫ 218 Pro G5 Mt Firmware Version < f15
Hp ≫ 260 G3 Desktop Mini Firmware Version < 02.20.00
Hp ≫ 260 G4 Desktop Mini Firmware Version < 02.12.00
Hp ≫ 280 G3 Microtower Pc Firmware Version < 02.02.40
Hp ≫ 280 G3 Pci Microtower Pc Firmware Version < 02.02.40
Hp ≫ 288 Pro G3 Microtower Pc Firmware Version < 00.02.40
Hp ≫ 290 G1 Microtower Firmware Version < 00.02.40
Hp ≫ Desktop Pro 300 G3 Firmware Version < f15
Hp ≫ Desktop Pro A 300 G3 Firmware Version < f12
Hp ≫ Desktop Pro A G2 Firmware Version < f.11
Hp ≫ Desktop Pro A G2 Microtower Firmware Version < f.11
Hp ≫ Desktop Pro A G3 Firmware Version < f12
Hp ≫ Desktop Pro A G3 Microtower Firmware Version < f12
Hp ≫ Desktop Pro G3 Firmware Version < f15
Hp ≫ Desktop Pro G3 Microtower Firmware Version < f15
Hp ≫ Desktop Pro Microtower Firmware Version < 00.02.40
Hp ≫ Zhan 66 Pro A G1 Microtower Firmware Version < f.11
Hp ≫ Zhan 66 Pro A G1 R Microtower Firmware Version < f12
Hp ≫ Zhan 66 Pro G1 R Microtower Firmware Version < f15
Hp ≫ Zhan 86 Pro G1 Microtower Firmware Version < 00.02.40
Hp ≫ Rp2 Retail System 2000 Firmware Version < 2.24
Hp ≫ Rp2 Retail System 2020 Firmware Version < 2.24
Hp ≫ Rp2 Retail System 2030 Firmware Version < 2.24
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.14% | 0.312 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7 | 1 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7 | 1 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.