CVE-2022-37018 : A potential vulnerability has been identified in the system BIOS for certain HP

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.

Published 2022-12-12 13:15:12

Updated 2022-12-20 19:30:47

Source HP Inc.

View at NVD, CVE.org

Products affected by CVE-2022-37018

HP » Elite Slice Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:elite_slice_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elite Slice » Version: N/A
HP » Elite X2 1012 G1 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elite_x2_1012_g1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elite X2 1012 G1 » Version: N/A
HP » Elitebook 1030 G1 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elitebook_1030_g1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 1030 G1 » Version: N/A
HP » Elitebook 820 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elitebook_820_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 820 G3 » Version: N/A
HP » Elitebook 828 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elitebook_828_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 828 G3 » Version: N/A
HP » Elitebook 840 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elitebook_840_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 840 G3 » Version: N/A
HP » Elitebook 848 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elitebook_848_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 848 G3 » Version: N/A
HP » Elitebook 850 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elitebook_850_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 850 G3 » Version: N/A
HP » Elitebook Folio G1 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elitebook_folio_g1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook Folio G1 » Version: N/A
HP » Elitedesk 800 G2 Sff Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:elitedesk_800_g2_sff_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitedesk 800 G2 Sff » Version: N/A
HP » Eliteone 800 G2 Aio Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:eliteone_800_g2_aio_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Eliteone 800 G2 Aio » Version: N/A
HP » Mp9 G2 Retail System Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:mp9_g2_retail_system_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Mp9 G2 Retail System » Version: N/A
HP » Probook 11 G2 Firmware » Education Edition
Versions before (<) 01.58
cpe:2.3:o:hp:probook_11_g2_firmware:*:*:*:*:education:*:*:*
Matching versions
When used together with: HP » Probook 11 G2 » Version: N/A Education Edition
HP » Probook 440 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:probook_440_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 440 G3 » Version: N/A
HP » Probook 470 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:probook_470_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 470 G3 » Version: N/A
HP » Probook 640 G2 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:probook_640_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 640 G2 » Version: N/A
HP » Probook 650 G2 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:probook_650_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 650 G2 » Version: N/A
HP » Prodesk 600 G2 Dm Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:prodesk_600_g2_dm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 600 G2 Dm » Version: N/A
HP » Prodesk 600 G2 Sff Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:prodesk_600_g2_sff_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 600 G2 Sff » Version: N/A
HP » Proone 400 G2 Aio Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:proone_400_g2_aio_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proone 400 G2 Aio » Version: N/A
HP » Proone 600 G2 Aio Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:proone_600_g2_aio_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proone 600 G2 Aio » Version: N/A
HP » Zbook 15 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:zbook_15_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook 15 G3 » Version: N/A
HP » Zbook 15u G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:zbook_15u_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook 15u G3 » Version: N/A
HP » Zbook 17 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:zbook_17_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook 17 G3 » Version: N/A
HP » Zbook Studio G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:zbook_studio_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook Studio G3 » Version: N/A
HP » Z1 G3 Firmware
Versions before (<) 01.33
cpe:2.3:o:hp:z1_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Z1 G3 » Version: N/A
HP » Z2 Mini G3 Firmware
Versions before (<) 01.85
cpe:2.3:o:hp:z2_mini_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Z2 Mini G3 » Version: N/A
HP » Z238 Microtower Firmware
Versions before (<) 01.85
cpe:2.3:o:hp:z238_microtower_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Z238 Microtower » Version: N/A
HP » Z240 Sff Firmware
Versions before (<) 01.85
cpe:2.3:o:hp:z240_sff_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Z240 Sff » Version: N/A
HP » Z240 Tower Firmware
Versions before (<) 01.85
cpe:2.3:o:hp:z240_tower_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Z240 Tower » Version: N/A
HP » Elite X2 1012 G2 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elite_x2_1012_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elite X2 1012 G2 » Version: N/A
HP » Elitebook 1040 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elitebook_1040_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 1040 G4 » Version: N/A
HP » Elitebook X360 1020 G2 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elitebook_x360_1020_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook X360 1020 G2 » Version: N/A
HP » Elitebook X360 1030 G2 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elitebook_x360_1030_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook X360 1030 G2 » Version: N/A
HP » Pro X2 612 G2 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:pro_x2_612_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Pro X2 612 G2 » Version: N/A
HP » Zbook Studio G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:zbook_studio_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook Studio G4 » Version: N/A
HP » Engage One Aio System Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:engage_one_aio_system_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Engage One Aio System » Version: N/A
HP » Rp9 G1 Retail System Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:rp9_g1_retail_system_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Rp9 G1 Retail System » Version: N/A
HP » Elitedesk 800 35w G2 Desktop Mini Pc Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:elitedesk_800_35w_g2_desktop_mini_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitedesk 800 35w G2 Desktop Mini Pc » Version: N/A
HP » Elitedesk 800 35w G3 Desktop Mini Pc Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:elitedesk_800_35w_g3_desktop_mini_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitedesk 800 35w G3 Desktop Mini Pc » Version: N/A
HP » Elitedesk 800 65w G2 Desktop Mini Pc Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:elitedesk_800_65w_g2_desktop_mini_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitedesk 800 65w G2 Desktop Mini Pc » Version: N/A
HP » Elitedesk 800 65w G3 Desktop Mini Pc Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:elitedesk_800_65w_g3_desktop_mini_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitedesk 800 65w G3 Desktop Mini Pc » Version: N/A
HP » Eliteone 800 G3 Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:eliteone_800_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Eliteone 800 G3 » Version: N/A
HP » Prodesk 400 G3 Dm Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:prodesk_400_g3_dm_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 400 G3 Dm » Version: N/A
HP » Prodesk 400 G4 Microtower Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:prodesk_400_g4_microtower_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 400 G4 Microtower » Version: N/A
HP » Prodesk 400 G4 Sff Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:prodesk_400_g4_sff_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 400 G4 Sff » Version: N/A
HP » Prodesk 480 G4 Microtower Pc Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:prodesk_480_g4_microtower_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 480 G4 Microtower Pc » Version: N/A
HP » Prodesk 600 G2 Microtower Pc Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:prodesk_600_g2_microtower_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 600 G2 Microtower Pc » Version: N/A
HP » Prodesk 600 G3 Desktop Mini Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:prodesk_600_g3_desktop_mini_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 600 G3 Desktop Mini » Version: N/A
HP » Prodesk 600 G3 Microtower Pc Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:prodesk_600_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 600 G3 Microtower Pc » Version: N/A
HP » Prodesk 600 G3 Sff Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:prodesk_600_g3_sff_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 600 G3 Sff » Version: N/A
HP » Prodesk 680 G2 Microtower Pc Firmware
Versions before (<) 02.59
cpe:2.3:o:hp:prodesk_680_g2_microtower_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 680 G2 Microtower Pc » Version: N/A
HP » Prodesk 680 G3 Microtower Pc Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:prodesk_680_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Prodesk 680 G3 Microtower Pc » Version: N/A
HP » Proone 400 G3 Aio Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:proone_400_g3_aio_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proone 400 G3 Aio » Version: N/A
HP » Proone 480 G3 Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:proone_480_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proone 480 G3 » Version: N/A
HP » Proone 600 G3 Firmware
Versions before (<) 02.44
cpe:2.3:o:hp:proone_600_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Proone 600 G3 » Version: N/A
HP » Elitebook 1040 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:elitebook_1040_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 1040 G3 » Version: N/A
HP » Elitebook 820 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elitebook_820_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 820 G4 » Version: N/A
HP » Elitebook 828 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elitebook_828_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 828 G4 » Version: N/A
HP » Elitebook 840 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elitebook_840_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 840 G4 » Version: N/A
HP » Elitebook 848 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elitebook_848_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 848 G4 » Version: N/A
HP » Elitebook 850 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:elitebook_850_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Elitebook 850 G4 » Version: N/A
HP » Probook 430 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:probook_430_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 430 G4 » Version: N/A
HP » Probook 440 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:probook_440_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 440 G4 » Version: N/A
HP » Probook 446 G3 Firmware
Versions before (<) 01.58
cpe:2.3:o:hp:probook_446_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 446 G3 » Version: N/A
HP » Probook 450 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:probook_450_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 450 G4 » Version: N/A
HP » Probook 470 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:probook_470_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 470 G4 » Version: N/A
HP » Probook 640 G3 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:probook_640_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 640 G3 » Version: N/A
HP » Probook 650 G3 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:probook_650_g3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Probook 650 G3 » Version: N/A
HP » Probook X360 11 G2 Firmware » Education Edition
Versions before (<) 1.46
cpe:2.3:o:hp:probook_x360_11_g2_firmware:*:*:*:*:education:*:*:*
Matching versions
When used together with: HP » Probook X360 11 G2 » Version: N/A Education Edition
HP » Zbook 14u G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:zbook_14u_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook 14u G4 » Version: N/A
HP » Zbook 15 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:zbook_15_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook 15 G4 » Version: N/A
HP » Zbook 15u G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:zbook_15u_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook 15u G4 » Version: N/A
HP » Zbook 17 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:zbook_17_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook 17 G4 » Version: N/A
HP » Zbook Studio X2 G4 Firmware
Versions before (<) 01.44
cpe:2.3:o:hp:zbook_studio_x2_g4_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: HP » Zbook Studio X2 G4 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-37018

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 32 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-37018

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.5	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2022-37018

https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820

HP PC BIOS November 2022 Security Update for Potential Stack Buffer Overflow | HP® Customer Support
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-37018

Products affected by CVE-2022-37018

Exploit prediction scoring system (EPSS) score for CVE-2022-37018

CVSS scores for CVE-2022-37018

References for CVE-2022-37018