Vulnerability Details: CVE-2017-2751
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
Products affected by CVE-2017-2751
- cpe:2.3:o:hp:compaq_cq45-900_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hp:compaq_14-h000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hp:compaq_14-s000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_240_g1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_245_g1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_1000-1300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_250_g1_notebook_pc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_255_g1_notebook_pc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_envy_15-j000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_envy_15-j100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_pavilion_15-n000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_246_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_455_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_envy_17_j100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_envy_17-j100_leap_motion_se_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_split_13-g200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_envy_100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_pavilion_14-n000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_envy_14-k100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_spectre_x2_13-smb_pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_spectre_13-h200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_pavilion_15-n200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_pavilion_15-n300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_envy_m6-n000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_255_g3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_14-g000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_pavilion_11-n000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_15-r000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_15-r500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_pavilion_10-f000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_g14-a000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_14-r000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_240_g3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hp:hp_246_g3_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-2751
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~29% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-2751
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
4.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 | NIST | |
CWE ids for CVE-2017-2751
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-2751
- https://support.hp.com/us-en/document/c05913581
  HPSBGN03575 rev. 1 - BIOS Password Extraction Vulnerability on Certain HP Notebooks | HP® Customer Support (Vendor Advisory)