CVE-2022-43779

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:348_g4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:348_g4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:260_g2_desktop_mini_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:260_g2_desktop_mini:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:218_pro_g5_mt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:218_pro_g5_mt:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:260_g3_desktop_mini_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:260_g3_desktop_mini:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:260_g4_desktop_mini_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:260_g4_desktop_mini:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:280_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:280_g3_microtower_pc:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:280_g3_pci_microtower_pc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:280_g3_pci_microtower_pc:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:288_pro_g3_microtower_pc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:288_pro_g3_microtower_pc:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:hp:290_g1_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:290_g1_microtower:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:hp:desktop_pro_300_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_300_g3:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:hp:desktop_pro_a_300_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_a_300_g3:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:hp:desktop_pro_a_g2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_a_g2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:hp:desktop_pro_a_g2_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_a_g2_microtower:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:hp:desktop_pro_a_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_a_g3:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:hp:desktop_pro_a_g3_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_a_g3_microtower:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:hp:desktop_pro_g3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_g3:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:hp:desktop_pro_g3_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_g3_microtower:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:hp:desktop_pro_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:desktop_pro_microtower:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:hp:zhan_66_pro_a_g1_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:zhan_66_pro_a_g1_microtower:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:hp:zhan_66_pro_a_g1_r_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:zhan_66_pro_a_g1_r_microtower:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:hp:zhan_66_pro_g1_r_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:zhan_66_pro_g1_r_microtower:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:hp:zhan_86_pro_g1_microtower_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:zhan_86_pro_g1_microtower:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:hp:rp2_retail_system_2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:rp2_retail_system_2000:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:hp:rp2_retail_system_2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:rp2_retail_system_2020:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:hp:rp2_retail_system_2030_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:rp2_retail_system_2030:-:*:*:*:*:*:*:*

History

21 Feb 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-02-12 04:15

Updated : 2024-02-04 23:14

NVD link : CVE-2022-43779

Mitre link : CVE-2022-43779

CVE.ORG link : CVE-2022-43779

JSON object : View

Products Affected

rp2_retail_system_2000_firmware
218_pro_g5_mt_firmware
desktop_pro_a_g2_microtower
desktop_pro_microtower_firmware
348_g4
desktop_pro_a_g3_microtower_firmware
rp2_retail_system_2020
280_g3_microtower_pc_firmware
348_g4_firmware
desktop_pro_a_g3
desktop_pro_g3
260_g3_desktop_mini
260_g4_desktop_mini_firmware
rp2_retail_system_2020_firmware
zhan_66_pro_a_g1_r_microtower
desktop_pro_300_g3_firmware
rp2_retail_system_2030_firmware
zhan_66_pro_a_g1_r_microtower_firmware
zhan_86_pro_g1_microtower_firmware
desktop_pro_g3_microtower_firmware
260_g3_desktop_mini_firmware
desktop_pro_a_g3_firmware
desktop_pro_a_300_g3_firmware
288_pro_g3_microtower_pc_firmware
280_g3_pci_microtower_pc_firmware
desktop_pro_g3_microtower
rp2_retail_system_2030
zhan_66_pro_a_g1_microtower_firmware
desktop_pro_a_g3_microtower
desktop_pro_a_300_g3
218_pro_g5_mt
desktop_pro_g3_firmware
260_g2_desktop_mini_firmware
desktop_pro_300_g3
zhan_86_pro_g1_microtower
260_g4_desktop_mini
desktop_pro_a_g2_firmware
rp2_retail_system_2000
290_g1_microtower
zhan_66_pro_g1_r_microtower_firmware
zhan_66_pro_g1_r_microtower
desktop_pro_a_g2
280_g3_pci_microtower_pc
zhan_66_pro_a_g1_microtower
290_g1_microtower_firmware
desktop_pro_microtower
288_pro_g3_microtower_pc
260_g2_desktop_mini
desktop_pro_a_g2_microtower_firmware
280_g3_microtower_pc

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

7.0 /10