CVE-2022-43779 — HIGH (7.0)

Q: How severe is CVE-2022-43779?

CVE-2022-43779 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-43779?

Check the references section above for vendor advisories and patch information. Affected products include: Hp 348 G4 Firmware, Hp 348 G4, Hp 260 G2 Desktop Mini Firmware, Hp 260 G2 Desktop Mini, Hp 218 Pro G5 Mt Firmware.

Vulnerability Description

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	348 G4 Firmware	< f.65
Hp	348 G4	-
Hp	260 G2 Desktop Mini Firmware	< 2.26
Hp	260 G2 Desktop Mini	-
Hp	218 Pro G5 Mt Firmware	< f15
Hp	218 Pro G5 Mt	-
Hp	260 G3 Desktop Mini Firmware	< 02.20.00
Hp	260 G3 Desktop Mini	-
Hp	260 G4 Desktop Mini Firmware	< 02.12.00
Hp	260 G4 Desktop Mini	-
Hp	280 G3 Microtower Pc Firmware	< 02.02.40
Hp	280 G3 Microtower Pc	-
Hp	280 G3 Pci Microtower Pc Firmware	< 02.02.40
Hp	280 G3 Pci Microtower Pc	-
Hp	288 Pro G3 Microtower Pc Firmware	< 00.02.40
Hp	288 Pro G3 Microtower Pc	-
Hp	290 G1 Microtower Firmware	< 00.02.40
Hp	290 G1 Microtower	-
Hp	Desktop Pro 300 G3 Firmware	< f15
Hp	Desktop Pro 300 G3	-

Related Weaknesses (CWE)

CWE-367

References

https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829PatchVendor Advisory
https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829PatchVendor Advisory

FAQ

What is CVE-2022-43779?

CVE-2022-43779 is a vulnerability with a CVSS score of 7.0 (HIGH). A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial o...

How severe is CVE-2022-43779?

CVE-2022-43779 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-43779?

Check the references section above for vendor advisories and patch information. Affected products include: Hp 348 G4 Firmware, Hp 348 G4, Hp 260 G2 Desktop Mini Firmware, Hp 260 G2 Desktop Mini, Hp 218 Pro G5 Mt Firmware.