Vulnerability Description
A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Z1 G3 Firmware | < 01.33 |
| Hp | Z1 G3 | - |
| Hp | Z2 Mini G3 Firmware | < 01.85 |
| Hp | Z2 Mini G3 | - |
| Hp | Z238 Microtower Firmware | < 01.85 |
| Hp | Z238 Microtower | - |
| Hp | Z240 Sff Firmware | < 01.85 |
| Hp | Z240 Sff | - |
| Hp | Z240 Tower Firmware | < 01.85 |
| Hp | Z240 Tower | - |
| Hp | Engage One Aio System Firmware | < 02.44 |
| Hp | Engage One Aio System | - |
| Hp | Mp9 G2 Retail System Firmware | < 02.59 |
| Hp | Mp9 G2 Retail System | - |
| Hp | Rp9 G1 Retail System Firmware | < 02.59 |
| Hp | Rp9 G1 Retail System | - |
| Hp | Elite Slice Firmware | < 02.59 |
| Hp | Elite Slice | - |
| Hp | Elitedesk 800 35W G2 Desktop Mini Pc Firmware | < 02.59 |
| Hp | Elitedesk 800 35W G2 Desktop Mini Pc | - |
Related Weaknesses (CWE)
References
- https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820PatchVendor Advisory
- https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820PatchVendor Advisory
FAQ
What is CVE-2022-37018?
CVE-2022-37018 is a vulnerability with a CVSS score of 8.4 (HIGH). A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate th...
How severe is CVE-2022-37018?
CVE-2022-37018 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-37018?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Z1 G3 Firmware, Hp Z1 G3, Hp Z2 Mini G3 Firmware, Hp Z2 Mini G3, Hp Z238 Microtower Firmware.