Vulnerability Description
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | HP 240 G1 Firmware | < f.48 |
| HP | HP 240 G1 | - |
| HP | HP 245 G1 Firmware | < f.48 |
| HP | HP 245 G1 | - |
| HP | HP 1000-1300 Firmware | < f.48 |
| HP | HP 1000-1300 | - |
| HP | HP 250 G1 Notebook PC Firmware | < f.47 |
| HP | HP 250 G1 Notebook PC | - |
| HP | HP 255 G1 Notebook PC Firmware | < f.47 |
| HP | HP 255 G1 Notebook PC | - |
| HP | HP Envy 15-J000 Firmware | < f.22 |
| HP | HP Envy 15-J000 | - |
| HP | HP Envy 15-J100 Firmware | < f.71 |
| HP | HP Envy 15-J100 | - |
| HP | HP Pavilion 15-N000 Firmware | < f.72 |
| HP | HP Pavilion 15-N000 | - |
| HP | HP 246 Firmware | < f.04 |
| HP | HP 246 | - |
| HP | HP 455 Firmware | < f.08 |
| HP | HP 455 | - |
References
- https://support.hp.com/us-en/document/c05913581 (Vendor Advisory)
FAQ
What is CVE-2017-2751?
CVE-2017-2751 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. T...
How severe is CVE-2017-2751?
CVE-2017-2751 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-2751?
Check the references section above for vendor advisories and patch information. Affected products include: HP 240 G1 Firmware, HP 240 G1, HP 245 G1 Firmware, HP 245 G1, HP 1000-1300 Firmware.