CVE-2022-23928 : Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation o

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.

Published 2022-03-11 18:15:34

Updated 2022-03-21 18:32:57

Source HP Inc.

View at NVD, CVE.org

Vulnerability category: Denial of serviceInformation leak

Exploit prediction scoring system (EPSS) score for CVE-2022-23928

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 11 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-23928

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.2	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	1.5	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

References for CVE-2022-23928

https://support.hp.com/us-en/document/ish_5817864-5817896-16

HP PC BIOS February 2022 Security Updates for 11 Vulnerabilities | HP® Customer Support
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-23928

HP » Pc Bios
Versions before (<) 02.07.10
cpe:2.3:o:hp:pc_bios:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-23928

Exploit prediction scoring system (EPSS) score for CVE-2022-23928

CVSS scores for CVE-2022-23928

References for CVE-2022-23928

Products affected by CVE-2022-23928