CVE-2022-31639 — HIGH (7.8)

Q: How severe is CVE-2022-31639?

CVE-2022-31639 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-31639?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Zcentral 4R Workstation Firmware, Hp Zcentral 4R Workstation, Hp Z1 All-In-One G3 Workstation Firmware, Hp Z1 All-In-One G3 Workstation, Hp Elitebook 725 G4 Firmware.

Vulnerability Description

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Zcentral 4R Workstation Firmware	<= 1.24
Hp	Zcentral 4R Workstation	-
Hp	Z1 All-In-One G3 Workstation Firmware	<= 1.33
Hp	Z1 All-In-One G3 Workstation	-
Hp	Elitebook 725 G4 Firmware	<= 1.42
Hp	Elitebook 725 G4	-
Hp	Elitebook 745 G4 Firmware	<= 1.42
Hp	Elitebook 745 G4	-
Hp	Elitebook 755 G4 Firmware	<= 1.42
Hp	Elitebook 755 G4	-
Hp	Probook 645 G3 Firmware	<= 1.42
Hp	Probook 645 G3	-
Hp	Probook 655 G3 Firmware	<= 1.42
Hp	Probook 655 G3	-
Hp	Mt43 Mobile Thin Client Firmware	<= 1.42
Hp	Mt43 Mobile Thin Client	-
Hp	Elite X2 1012 G2 Firmware	<= 1.43
Hp	Elite X2 1012 G2	-
Hp	Elitebook 1040 G4 Firmware	<= 1.43
Hp	Elitebook 1040 G4	-

Related Weaknesses (CWE)

CWE-367

References

https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814Broken LinkVendor Advisory
https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814Broken LinkVendor Advisory

FAQ

What is CVE-2022-31639?

CVE-2022-31639 is a vulnerability with a CVSS score of 7.8 (HIGH). Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial...

How severe is CVE-2022-31639?

CVE-2022-31639 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-31639?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Zcentral 4R Workstation Firmware, Hp Zcentral 4R Workstation, Hp Z1 All-In-One G3 Workstation Firmware, Hp Z1 All-In-One G3 Workstation, Hp Elitebook 725 G4 Firmware.