CVE-2022-31642

HIGH

HP PC Products - RCE, Privilege Escalation, DoS, Info Disclosure

Title source: llm

Description

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805

Scores

CVSS v3 7.0

EPSS 0.0013

EPSS Percentile 31.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-367

Status published

Products (50)

hp/elite_dragonfly_firmware < 01.21.01

hp/elite_dragonfly_g2_firmware < 01.09.10

hp/elite_dragonfly_g3_firmware < 01.03.01

hp/elite_dragonfly_max_firmware < 01.09.10

hp/elite_mini_600_g9_firmware < 02.05.00

hp/elite_mini_800_g9_firmware < 02.05.00

hp/elite_sff_600_g9_firmware < 02.05.01

hp/elite_sff_800_g9_firmware < 02.05.01

hp/elite_slice_g2_firmware < 2.58

hp/elite_tower_600_g9_firmware < 02.05.01

... and 40 more

Published Jun 14, 2023

Tracked Since Feb 18, 2026