CVE-2022-43779

🗓️ 03 Feb 2023 16:42:10Reported by hpType

A TOCTOU vulnerability in certain HP PC products using AMI UEFI Firmware may allow arbitrary code execution, denial of service, and information disclosure

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2022-43779	25 Mar 202521:25	–	circl
CNNVD	HP PC 安全漏洞	12 Feb 202300:00	–	cnnvd
Cvelist	CVE-2022-43779	3 Feb 202316:42	–	cvelist
EUVD	EUVD-2022-46749	3 Oct 202520:07	–	euvd
Hewlett-Packard	AMI UEFI Firmware December 2022 Security Update (TOCTOU)	16 Dec 202200:00	–	hp
NVD	CVE-2022-43779	12 Feb 202304:15	–	nvd
Prion	Information disclosure	12 Feb 202304:15	–	prion
RedhatCVE	CVE-2022-43779	23 May 202500:07	–	redhatcve
Vulnrichment	CVE-2022-43779	3 Feb 202316:42	–	vulnrichment

NVD

Node

hp 348_g4_firmwareRange<f.65

AND

hp 348_g4Match-

Node

hp 260_g2_desktop_mini_firmwareRange<2.26

AND

hp 260_g2_desktop_miniMatch-

Node

hp 218_pro_g5_mt_firmwareRange<f15

AND

hp 218_pro_g5_mtMatch-

Node

hp 260_g3_desktop_mini_firmwareRange<02.20.00

AND

hp 260_g3_desktop_miniMatch-

Node

hp 260_g4_desktop_mini_firmwareRange<02.12.00

AND

hp 260_g4_desktop_miniMatch-

Node

hp 280_g3_microtower_pc_firmwareRange<02.02.40

AND

hp 280_g3_microtower_pcMatch-

Node

hp 280_g3_pci_microtower_pc_firmwareRange<02.02.40

AND

hp 280_g3_pci_microtower_pcMatch-

Node

hp 288_pro_g3_microtower_pc_firmwareRange<00.02.40

AND

hp 288_pro_g3_microtower_pcMatch-

Node

hp 290_g1_microtower_firmwareRange<00.02.40

AND

hp 290_g1_microtowerMatch-

Node

hp desktop_pro_300_g3_firmwareRange<f15

AND

hp desktop_pro_300_g3Match-

Node

hp desktop_pro_a_300_g3_firmwareRange<f12

AND

hp desktop_pro_a_300_g3Match-

Node

hp desktop_pro_a_g2_firmwareRange<f.11

AND

hp desktop_pro_a_g2Match-

Node

hp desktop_pro_a_g2_microtower_firmwareRange<f.11

AND

hp desktop_pro_a_g2_microtowerMatch-

Node

hp desktop_pro_a_g3_firmwareRange<f12

AND

hp desktop_pro_a_g3Match-

Node

hp desktop_pro_a_g3_microtower_firmwareRange<f12

AND

hp desktop_pro_a_g3_microtowerMatch-

Node

hp desktop_pro_g3_firmwareRange<f15

AND

hp desktop_pro_g3Match-

Node

hp desktop_pro_g3_microtower_firmwareRange<f15

AND

hp desktop_pro_g3_microtowerMatch-

Node

hp desktop_pro_microtower_firmwareRange<00.02.40

AND

hp desktop_pro_microtowerMatch-

Node

hp zhan_66_pro_a_g1_microtower_firmwareRange<f.11

AND

hp zhan_66_pro_a_g1_microtowerMatch-

Node

hp zhan_66_pro_a_g1_r_microtower_firmwareRange<f12

AND

hp zhan_66_pro_a_g1_r_microtowerMatch-

Node

hp zhan_66_pro_g1_r_microtower_firmwareRange<f15

AND

hp zhan_66_pro_g1_r_microtowerMatch-

Node

hp zhan_86_pro_g1_microtower_firmwareRange<00.02.40

AND

hp zhan_86_pro_g1_microtowerMatch-

Node

hp rp2_retail_system_2000_firmwareRange<2.24

AND

hp rp2_retail_system_2000Match-

Node

hp rp2_retail_system_2020_firmwareRange<2.24

AND

hp rp2_retail_system_2020Match-

Node

hp rp2_retail_system_2030_firmwareRange<2.24

AND

hp rp2_retail_system_2030Match-

[
  {
    "versions": [
      {
        "version": "See HP Security Bulletin reference for affected versions.",
        "status": "affected"
      }
    ],
    "product": "HP PC products using AMI UEFI Firmware",
    "vendor": "HP Inc."
  }
]

Source	Link
support	www.support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829

25 Mar 2025 21:15Current

7High risk

Vulners AI Score7

CVSS 3.17

EPSS0.00071

SSVC

CWE-367

toctou vulnerability hp pc ami uefi firmware arbitrary code execution denial of service information disclosure