Multiple vulnerabilities in HP PC BIOS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2022-23958 CVE-2022-23956 CVE-2022-23953 CVE-2022-23954 CVE-2022-23955 CVE-2022-23957 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
HP ProBook 440 G8 Notebook PC Hardware solutions / Firmware HP ProDesk 405 G6 Small Form Factor PC Hardware solutions / Firmware PC BIOS Hardware solutions / Firmware |
| Vendor | HP Development Company |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU61026
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23958
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHP ProBook 440 G8 Notebook PC: All versions
HP ProDesk 405 G6 Small Form Factor PC: All versions
PC BIOS: before 01.08.11
CPE2.3- cpe:2.3:h:hp_development_company:hp_probook_440_g8_notebook_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:hp_prodesk_405_g6_small_form_factor_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:pc_bios:*:*:*:*:*:*:*:
http://support.hp.com/us-en/document/ish_5818692-5818718-16
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU61031
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23956
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHP ProBook 440 G8 Notebook PC: All versions
HP ProDesk 405 G6 Small Form Factor PC: All versions
PC BIOS: before 01.08.11
CPE2.3- cpe:2.3:h:hp_development_company:hp_probook_440_g8_notebook_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:hp_prodesk_405_g6_small_form_factor_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:pc_bios:*:*:*:*:*:*:*:
http://support.hp.com/us-en/document/ish_5818692-5818718-16
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU61030
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23953
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHP ProBook 440 G8 Notebook PC: All versions
HP ProDesk 405 G6 Small Form Factor PC: All versions
PC BIOS: before 01.08.11
CPE2.3- cpe:2.3:h:hp_development_company:hp_probook_440_g8_notebook_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:hp_prodesk_405_g6_small_form_factor_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:pc_bios:*:*:*:*:*:*:*:
http://support.hp.com/us-en/document/ish_5818692-5818718-16
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU61029
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23954
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHP ProBook 440 G8 Notebook PC: All versions
HP ProDesk 405 G6 Small Form Factor PC: All versions
PC BIOS: before 01.08.11
CPE2.3- cpe:2.3:h:hp_development_company:hp_probook_440_g8_notebook_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:hp_prodesk_405_g6_small_form_factor_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:pc_bios:*:*:*:*:*:*:*:
http://support.hp.com/us-en/document/ish_5818692-5818718-16
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU61028
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23955
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHP ProBook 440 G8 Notebook PC: All versions
HP ProDesk 405 G6 Small Form Factor PC: All versions
PC BIOS: before 01.08.11
CPE2.3- cpe:2.3:h:hp_development_company:hp_probook_440_g8_notebook_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:hp_prodesk_405_g6_small_form_factor_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:pc_bios:*:*:*:*:*:*:*:
http://support.hp.com/us-en/document/ish_5818692-5818718-16
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU61027
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23957
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHP ProBook 440 G8 Notebook PC: All versions
HP ProDesk 405 G6 Small Form Factor PC: All versions
PC BIOS: before 01.08.11
CPE2.3- cpe:2.3:h:hp_development_company:hp_probook_440_g8_notebook_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:hp_prodesk_405_g6_small_form_factor_pc:*:*:*:*:*:*:*:
- cpe:2.3:h:hp_development_company:pc_bios:*:*:*:*:*:*:*:
http://support.hp.com/us-en/document/ish_5818692-5818718-16
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
