CVE-2022-43779

Severity Score

7.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

*Credits: N/A

CVSS Scores

NISTv3.1 7.0

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-26 CVE Reserved
2023-02-03 CVE Published
2024-08-03 CVE Updated
2024-08-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829	2023-02-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hp Search vendor "Hp"	348 G4 Firmware Search vendor "Hp" for product "348 G4 Firmware"	< f.65 Search vendor "Hp" for product "348 G4 Firmware" and version " < f.65"	-	Affected	in	Hp Search vendor "Hp"	348 G4 Search vendor "Hp" for product "348 G4"	-	-	Safe
Hp Search vendor "Hp"	260 G2 Desktop Mini Firmware Search vendor "Hp" for product "260 G2 Desktop Mini Firmware"	< 2.26 Search vendor "Hp" for product "260 G2 Desktop Mini Firmware" and version " < 2.26"	-	Affected	in	Hp Search vendor "Hp"	260 G2 Desktop Mini Search vendor "Hp" for product "260 G2 Desktop Mini"	-	-	Safe
Hp Search vendor "Hp"	218 Pro G5 Mt Firmware Search vendor "Hp" for product "218 Pro G5 Mt Firmware"	< f15 Search vendor "Hp" for product "218 Pro G5 Mt Firmware" and version " < f15"	-	Affected	in	Hp Search vendor "Hp"	218 Pro G5 Mt Search vendor "Hp" for product "218 Pro G5 Mt"	-	-	Safe
Hp Search vendor "Hp"	260 G3 Desktop Mini Firmware Search vendor "Hp" for product "260 G3 Desktop Mini Firmware"	< 02.20.00 Search vendor "Hp" for product "260 G3 Desktop Mini Firmware" and version " < 02.20.00"	-	Affected	in	Hp Search vendor "Hp"	260 G3 Desktop Mini Search vendor "Hp" for product "260 G3 Desktop Mini"	-	-	Safe
Hp Search vendor "Hp"	260 G4 Desktop Mini Firmware Search vendor "Hp" for product "260 G4 Desktop Mini Firmware"	< 02.12.00 Search vendor "Hp" for product "260 G4 Desktop Mini Firmware" and version " < 02.12.00"	-	Affected	in	Hp Search vendor "Hp"	260 G4 Desktop Mini Search vendor "Hp" for product "260 G4 Desktop Mini"	-	-	Safe
Hp Search vendor "Hp"	280 G3 Microtower Pc Firmware Search vendor "Hp" for product "280 G3 Microtower Pc Firmware"	< 02.02.40 Search vendor "Hp" for product "280 G3 Microtower Pc Firmware" and version " < 02.02.40"	-	Affected	in	Hp Search vendor "Hp"	280 G3 Microtower Pc Search vendor "Hp" for product "280 G3 Microtower Pc"	-	-	Safe
Hp Search vendor "Hp"	280 G3 Pci Microtower Pc Firmware Search vendor "Hp" for product "280 G3 Pci Microtower Pc Firmware"	< 02.02.40 Search vendor "Hp" for product "280 G3 Pci Microtower Pc Firmware" and version " < 02.02.40"	-	Affected	in	Hp Search vendor "Hp"	280 G3 Pci Microtower Pc Search vendor "Hp" for product "280 G3 Pci Microtower Pc"	-	-	Safe
Hp Search vendor "Hp"	288 Pro G3 Microtower Pc Firmware Search vendor "Hp" for product "288 Pro G3 Microtower Pc Firmware"	< 00.02.40 Search vendor "Hp" for product "288 Pro G3 Microtower Pc Firmware" and version " < 00.02.40"	-	Affected	in	Hp Search vendor "Hp"	288 Pro G3 Microtower Pc Search vendor "Hp" for product "288 Pro G3 Microtower Pc"	-	-	Safe
Hp Search vendor "Hp"	290 G1 Microtower Firmware Search vendor "Hp" for product "290 G1 Microtower Firmware"	< 00.02.40 Search vendor "Hp" for product "290 G1 Microtower Firmware" and version " < 00.02.40"	-	Affected	in	Hp Search vendor "Hp"	290 G1 Microtower Search vendor "Hp" for product "290 G1 Microtower"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro 300 G3 Firmware Search vendor "Hp" for product "Desktop Pro 300 G3 Firmware"	< f15 Search vendor "Hp" for product "Desktop Pro 300 G3 Firmware" and version " < f15"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro 300 G3 Search vendor "Hp" for product "Desktop Pro 300 G3"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro A 300 G3 Firmware Search vendor "Hp" for product "Desktop Pro A 300 G3 Firmware"	< f12 Search vendor "Hp" for product "Desktop Pro A 300 G3 Firmware" and version " < f12"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro A 300 G3 Search vendor "Hp" for product "Desktop Pro A 300 G3"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro A G2 Firmware Search vendor "Hp" for product "Desktop Pro A G2 Firmware"	< f.11 Search vendor "Hp" for product "Desktop Pro A G2 Firmware" and version " < f.11"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro A G2 Search vendor "Hp" for product "Desktop Pro A G2"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro A G2 Microtower Firmware Search vendor "Hp" for product "Desktop Pro A G2 Microtower Firmware"	< f.11 Search vendor "Hp" for product "Desktop Pro A G2 Microtower Firmware" and version " < f.11"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro A G2 Microtower Search vendor "Hp" for product "Desktop Pro A G2 Microtower"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro A G3 Firmware Search vendor "Hp" for product "Desktop Pro A G3 Firmware"	< f12 Search vendor "Hp" for product "Desktop Pro A G3 Firmware" and version " < f12"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro A G3 Search vendor "Hp" for product "Desktop Pro A G3"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro A G3 Microtower Firmware Search vendor "Hp" for product "Desktop Pro A G3 Microtower Firmware"	< f12 Search vendor "Hp" for product "Desktop Pro A G3 Microtower Firmware" and version " < f12"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro A G3 Microtower Search vendor "Hp" for product "Desktop Pro A G3 Microtower"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro G3 Firmware Search vendor "Hp" for product "Desktop Pro G3 Firmware"	< f15 Search vendor "Hp" for product "Desktop Pro G3 Firmware" and version " < f15"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro G3 Search vendor "Hp" for product "Desktop Pro G3"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro G3 Microtower Firmware Search vendor "Hp" for product "Desktop Pro G3 Microtower Firmware"	< f15 Search vendor "Hp" for product "Desktop Pro G3 Microtower Firmware" and version " < f15"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro G3 Microtower Search vendor "Hp" for product "Desktop Pro G3 Microtower"	-	-	Safe
Hp Search vendor "Hp"	Desktop Pro Microtower Firmware Search vendor "Hp" for product "Desktop Pro Microtower Firmware"	< 00.02.40 Search vendor "Hp" for product "Desktop Pro Microtower Firmware" and version " < 00.02.40"	-	Affected	in	Hp Search vendor "Hp"	Desktop Pro Microtower Search vendor "Hp" for product "Desktop Pro Microtower"	-	-	Safe
Hp Search vendor "Hp"	Zhan 66 Pro A G1 Microtower Firmware Search vendor "Hp" for product "Zhan 66 Pro A G1 Microtower Firmware"	< f.11 Search vendor "Hp" for product "Zhan 66 Pro A G1 Microtower Firmware" and version " < f.11"	-	Affected	in	Hp Search vendor "Hp"	Zhan 66 Pro A G1 Microtower Search vendor "Hp" for product "Zhan 66 Pro A G1 Microtower"	-	-	Safe
Hp Search vendor "Hp"	Zhan 66 Pro A G1 R Microtower Firmware Search vendor "Hp" for product "Zhan 66 Pro A G1 R Microtower Firmware"	< f12 Search vendor "Hp" for product "Zhan 66 Pro A G1 R Microtower Firmware" and version " < f12"	-	Affected	in	Hp Search vendor "Hp"	Zhan 66 Pro A G1 R Microtower Search vendor "Hp" for product "Zhan 66 Pro A G1 R Microtower"	-	-	Safe
Hp Search vendor "Hp"	Zhan 66 Pro G1 R Microtower Firmware Search vendor "Hp" for product "Zhan 66 Pro G1 R Microtower Firmware"	< f15 Search vendor "Hp" for product "Zhan 66 Pro G1 R Microtower Firmware" and version " < f15"	-	Affected	in	Hp Search vendor "Hp"	Zhan 66 Pro G1 R Microtower Search vendor "Hp" for product "Zhan 66 Pro G1 R Microtower"	-	-	Safe
Hp Search vendor "Hp"	Zhan 86 Pro G1 Microtower Firmware Search vendor "Hp" for product "Zhan 86 Pro G1 Microtower Firmware"	< 00.02.40 Search vendor "Hp" for product "Zhan 86 Pro G1 Microtower Firmware" and version " < 00.02.40"	-	Affected	in	Hp Search vendor "Hp"	Zhan 86 Pro G1 Microtower Search vendor "Hp" for product "Zhan 86 Pro G1 Microtower"	-	-	Safe
Hp Search vendor "Hp"	Rp2 Retail System 2000 Firmware Search vendor "Hp" for product "Rp2 Retail System 2000 Firmware"	< 2.24 Search vendor "Hp" for product "Rp2 Retail System 2000 Firmware" and version " < 2.24"	-	Affected	in	Hp Search vendor "Hp"	Rp2 Retail System 2000 Search vendor "Hp" for product "Rp2 Retail System 2000"	-	-	Safe
Hp Search vendor "Hp"	Rp2 Retail System 2020 Firmware Search vendor "Hp" for product "Rp2 Retail System 2020 Firmware"	< 2.24 Search vendor "Hp" for product "Rp2 Retail System 2020 Firmware" and version " < 2.24"	-	Affected	in	Hp Search vendor "Hp"	Rp2 Retail System 2020 Search vendor "Hp" for product "Rp2 Retail System 2020"	-	-	Safe
Hp Search vendor "Hp"	Rp2 Retail System 2030 Firmware Search vendor "Hp" for product "Rp2 Retail System 2030 Firmware"	< 2.24 Search vendor "Hp" for product "Rp2 Retail System 2030 Firmware" and version " < 2.24"	-	Affected	in	Hp Search vendor "Hp"	Rp2 Retail System 2030 Search vendor "Hp" for product "Rp2 Retail System 2030"	-	-	Safe