Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveHpCVE-2017-2751
HistoryOct 03, 2018 - 8:29 p.m.

CVE-2017-2751

2018-10-0320:29:07
CWE-522
hp
web.nvd.nist.gov
30
consumer notebooks
firmware
bios
password extraction
vulnerability
cmos
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

Affected configurations

Nvd
Node
hphp_240_g1_firmwareRange<f.48
AND
hphp_240_g1Match-
Node
hphp_245_g1_firmwareRange<f.48
AND
hphp_245_g1Match-
Node
hphp_1000-1300_firmwareRange<f.48
AND
hphp_1000-1300Match-
Node
hphp_250_g1_notebook_pc_firmwareRange<f.47
AND
hphp_250_g1_notebook_pcMatch-
Node
hphp_255_g1_notebook_pc_firmwareRange<f.47
AND
hphp_255_g1_notebook_pcMatch-
Node
hphp_envy_15-j000_firmwareRange<f.22
AND
hphp_envy_15-j000Match-
Node
hphp_envy_15-j100_firmwareRange<f.71
AND
hphp_envy_15-j100Match-
Node
hphp_pavilion_15-n000_firmwareRange<f.72
AND
hphp_pavilion_15-n000Match-
Node
hphp_246_firmwareRange<f.04
AND
hphp_246Match-
Node
hphp_455_firmwareRange<f.08
AND
hphp_455Match-
Node
hphp_envy_17_j100_firmwareRange<f.71
AND
hphp_envy_17_j100Match-
Node
hphp_envy_17-j100_leap_motion_se_firmwareRange<f.71
AND
hphp_envy_17-j100_leap_motion_seMatch-
Node
hphp_split_13-g200_firmwareRange<f.25
AND
hphp_split_13-g200Match-
Node
hphp_envy_100_firmwareRange<f.22
AND
hphp_envy_100Match-
Node
hphp_pavilion_14-n000_firmwareRange<f.72
AND
hphp_pavilion_14-n000Match-
Node
hphp_envy_14-k100_firmwareRange<f.22
AND
hphp_envy_14-k100Match-
Node
hphp_spectre_x2_13-smb_pro_firmwareRange<f.25
AND
hphp_spectre_x2_13-smb_proMatch-
Node
hphp_spectre_13-h200_firmwareRange<f.25
AND
hphp_spectre_13-h200Match-
Node
hphp_pavilion_15-n200_firmwareRange<f.72
AND
hphp_pavilion_15-n200Match-
Node
hphp_pavilion_15-n300_firmwareRange<f.72
AND
hphp_pavilion_15-n300Match-
Node
hphp_envy_m6-n000_firmwareRange<f.26
AND
hphp_envy_m6-n000Match-
Node
hphp_255_g3_firmwareRange<f.45
AND
hphp_255_g3Match-
Node
hphp_14-g000_firmwareRange<f.45
AND
hphp_14-g000Match-
Node
hphp_pavilion_11-n000_firmwareRange<f.2e
AND
hphp_pavilion_11-n000Match-
Node
hphp_15-r000_firmwareRange<f.43
AND
hphp_15-r000Match-
Node
hphp_15-r500_firmwareRange<f.43
AND
hphp_15-r500Match-
Node
hphp_pavilion_10-f000_firmwareRange<f.0e
AND
hphp_pavilion_10-f000Match-
Node
hphp_g14-a000_firmwareRange<f.06
AND
hphp_g14-a000Match-
Node
hphp_14-r000_firmwareRange<f.43
AND
hphp_14-r000Match-
Node
hphp_240_g3_firmwareRange<f.43
AND
hphp_240_g3Match-
Node
hphp_246_g3_firmwareRange<f.43
AND
hphp_246_g3Match-
Node
hpcompaq_cq45-900_firmwareMatch-
AND
hpcompaq_cq45-900Match-
Node
hpcompaq_14-h000_firmwareMatch-
AND
hpcompaq_14-h000Match-
Node
hpcompaq_14-s000_firmwareMatch-
AND
hpcompaq_14-s000Match-
VendorProductVersionCPE
hphp_240_g1_firmware*cpe:2.3:o:hp:hp_240_g1_firmware:*:*:*:*:*:*:*:*
hphp_240_g1-cpe:2.3:h:hp:hp_240_g1:-:*:*:*:*:*:*:*
hphp_245_g1_firmware*cpe:2.3:o:hp:hp_245_g1_firmware:*:*:*:*:*:*:*:*
hphp_245_g1-cpe:2.3:h:hp:hp_245_g1:-:*:*:*:*:*:*:*
hphp_1000-1300_firmware*cpe:2.3:o:hp:hp_1000-1300_firmware:*:*:*:*:*:*:*:*
hphp_1000-1300-cpe:2.3:h:hp:hp_1000-1300:-:*:*:*:*:*:*:*
hphp_250_g1_notebook_pc_firmware*cpe:2.3:o:hp:hp_250_g1_notebook_pc_firmware:*:*:*:*:*:*:*:*
hphp_250_g1_notebook_pc-cpe:2.3:h:hp:hp_250_g1_notebook_pc:-:*:*:*:*:*:*:*
hphp_255_g1_notebook_pc_firmware*cpe:2.3:o:hp:hp_255_g1_notebook_pc_firmware:*:*:*:*:*:*:*:*
hphp_255_g1_notebook_pc-cpe:2.3:h:hp:hp_255_g1_notebook_pc:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 681

CNA Affected

[
  {
    "product": "HP 240 G1 Notebook PC and certain other consumer notebooks",
    "vendor": "HP Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "F.22 and other firmware versions"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
hp 1
prion
prion
Design/Logic Flaw
2018-10-03 20:29:00
cvelist
cvelist
CVE-2017-2751
2018-10-03 20:00:00
nvd
nvd
CVE-2017-2751
2018-10-03 20:29:07
hp
hp
HPSBGN03575 rev. 1 - BIOS Password Extraction Vulnerability on Certain HP Notebooks
2018-01-24 00:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

30.6%

JSON
Related for CVE-2017-2751
prion1cvelist1nvd1hp1