CVE-2022-37019 — MEDIUM (6.8)

Q: How severe is CVE-2022-37019?

CVE-2022-37019 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-37019?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Elite Slice Firmware, Hp Elite Slice, Hp Elite Slice For Meeting Rooms Firmware, Hp Elite Slice For Meeting Rooms, Hp Elitebook 1040 G3 Firmware.

Vulnerability Description

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Hp	Elite Slice Firmware	< 00.02.64
Hp	Elite Slice	-
Hp	Elite Slice For Meeting Rooms Firmware	< 00.02.64
Hp	Elite Slice For Meeting Rooms	-
Hp	Elitebook 1040 G3 Firmware	< 01.62
Hp	Elitebook 1040 G3	-
Hp	Elitebook 820 G3 Firmware	< 01.62
Hp	Elitebook 820 G3	-
Hp	Elitebook 828 G3 Firmware	< 01.62
Hp	Elitebook 828 G3	-
Hp	Elitebook 840 G3 Firmware	< 01.62
Hp	Elitebook 840 G3	-
Hp	Elitebook 848 G3 Firmware	< 01.62
Hp	Elitebook 848 G3	-
Hp	Elitebook 850 G3 Firmware	< 01.62
Hp	Elitebook 850 G3	-
Hp	Elitebook Folio G1 Firmware	< 01.62
Hp	Elitebook Folio G1	-
Hp	Elitedesk 800 35W G2 Desktop Mini Pc Firmware	< 00.02.63
Hp	Elitedesk 800 35W G2 Desktop Mini Pc	-

Related Weaknesses (CWE)

CWE-269

References

https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943Vendor Advisory
https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943Vendor Advisory

FAQ

What is CVE-2022-37019?

CVE-2022-37019 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate ...

How severe is CVE-2022-37019?

CVE-2022-37019 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-37019?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Elite Slice Firmware, Hp Elite Slice, Hp Elite Slice For Meeting Rooms Firmware, Hp Elite Slice For Meeting Rooms, Hp Elitebook 1040 G3 Firmware.