CVE-2017-2751
First published: Wed Oct 03 2018(Updated: )
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| hp hp 240 g1 firmware | <f.48 | |
| HP 240 G1 | ||
| HP 245 G1 Firmware | <f.48 | |
| HP 245 G1 Firmware | ||
| HP 1000-1300 Firmware | <f.48 | |
| HP 1000-1300 Firmware | ||
| HP 250 G1 Notebook PC Firmware | <f.47 | |
| HP 250 G1 Notebook PC | ||
| HP 255 G1 Notebook PC Firmware | <f.47 | |
| HP 255 G1 Notebook PC Firmware | ||
| HP Envy 15-j000 Firmware | <f.22 | |
| HP Envy 15-j000 Firmware | ||
| hp hp envy 15-j100 firmware | <f.71 | |
| HP Envy 15-j100 | ||
| HP Pavilion 15-n000 | <f.72 | |
| HP Pavilion 15-n000 | ||
| HP 246 Firmware | <f.04 | |
| HP 246 G3 | ||
| hp 455 firmware | <f.08 | |
| hp 455 firmware | ||
| HP Envy 17-j100 Leap Motion SE Firmware | <f.71 | |
| HP Envy 17-j100 Leap Motion SE Firmware | ||
| HP Envy 17-j100 Leap Motion SE Firmware | <f.71 | |
| HP Envy 17-j100 Leap Motion SE Firmware | ||
| HP Split 13-g200 | <f.25 | |
| HP Split 13-g200 | ||
| hp envy 100 firmware | <f.22 | |
| HP Envy 100 | ||
| HP Pavilion 14-n000 Firmware | <f.72 | |
| HP Pavilion 14-n000 | ||
| HP Envy 14-k100 Firmware | <f.22 | |
| HP Envy 14-k100 Firmware | ||
| HP Spectre x2 13-smb Pro | <f.25 | |
| hp hp spectre x2 13-smb pro | ||
| HP Spectre 13-h200 Firmware | <f.25 | |
| HP Spectre 13-h200 Firmware | ||
| HP Pavilion 15-n200 Firmware | <f.72 | |
| HP Pavilion 15-n200 Firmware | ||
| HP Pavilion 15-n300 Firmware | <f.72 | |
| HP Pavilion 15-n300 Firmware | ||
| HP Envy m6-n000 | <f.26 | |
| HP Envy m6-n000 Firmware | ||
| HP 255 G3 | <f.45 | |
| HP 255 G3 | ||
| HP 14-g000 Firmware | <f.45 | |
| HP 14-g000 Firmware | ||
| HP Pavilion 11-n000 Firmware | <f.2e | |
| HP Pavilion 11-n000 Firmware | ||
| HP 15-r000 Firmware | <f.43 | |
| HP 15-r000 Firmware | ||
| HP 15-r500 | <f.43 | |
| HP 15-r500 | ||
| hp hp pavilion 10-f000 firmware | <f.0e | |
| hp hp pavilion 10-f000 | ||
| HP G14-A000 Firmware | <f.06 | |
| HP G14-A000 Firmware | ||
| HP 14-r000 Firmware | <f.43 | |
| HP 14-r000 | ||
| HP 240 G3 Firmware | <f.43 | |
| HP HP 240 G3 Firmware | ||
| HP 246 Firmware | <f.43 | |
| HP 246 G3 Firmware | ||
| HP Compaq CQ45-900 | ||
| HP Compaq CQ45-900 Firmware | ||
| HP Compaq 14-h000 | ||
| HP Compaq 14-h000 | ||
| HP Compaq 14-s000 Firmware | ||
| HP Compaq 14-s000 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2751?
CVE-2017-2751 is considered a medium severity vulnerability as it allows unauthorized access to stored BIOS passwords.
How do I fix CVE-2017-2751?
To fix CVE-2017-2751, update the BIOS firmware to the latest version provided by HP that addresses this vulnerability.
Which HP notebooks are affected by CVE-2017-2751?
CVE-2017-2751 affects several HP consumer notebooks launched in early 2014 with specific firmware versions, including HP 240 G1, 245 G1, and Envy models.
What is the impact of CVE-2017-2751 on system security?
The impact of CVE-2017-2751 is significant, as it potentially allows attackers to extract BIOS passwords, compromising the security of the affected systems.
How can I determine if my firmware version is vulnerable to CVE-2017-2751?
You can determine if your firmware version is vulnerable to CVE-2017-2751 by checking the BIOS version against the list of affected versions provided by HP.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp hp 240 g1 firmware
- canonical/hp 240 g1
- canonical/hp 245 g1 firmware
- canonical/hp 1000-1300 firmware
- canonical/hp 250 g1 notebook pc firmware
- canonical/hp 250 g1 notebook pc
- canonical/hp 255 g1 notebook pc firmware
- canonical/hp envy 15-j000 firmware
- canonical/hp hp envy 15-j100 firmware
- canonical/hp envy 15-j100
- canonical/hp pavilion 15-n000
- canonical/hp 246 firmware
- canonical/hp 246 g3
- canonical/hp 455 firmware
- canonical/hp envy 17-j100 leap motion se firmware
- canonical/hp split 13-g200
- canonical/hp envy 100 firmware
- canonical/hp envy 100
- canonical/hp pavilion 14-n000 firmware
- canonical/hp pavilion 14-n000
- canonical/hp envy 14-k100 firmware
- canonical/hp spectre x2 13-smb pro
- canonical/hp hp spectre x2 13-smb pro
- canonical/hp spectre 13-h200 firmware
- canonical/hp pavilion 15-n200 firmware
- canonical/hp pavilion 15-n300 firmware
- canonical/hp envy m6-n000
- canonical/hp envy m6-n000 firmware
- canonical/hp 255 g3
- canonical/hp 14-g000 firmware
- canonical/hp pavilion 11-n000 firmware
- canonical/hp 15-r000 firmware
- canonical/hp 15-r500
- canonical/hp hp pavilion 10-f000 firmware
- canonical/hp hp pavilion 10-f000
- canonical/hp g14-a000 firmware
- canonical/hp 14-r000 firmware
- canonical/hp 14-r000
- canonical/hp 240 g3 firmware
- canonical/hp hp 240 g3 firmware
- canonical/hp 246 g3 firmware
- canonical/hp compaq cq45-900
- canonical/hp compaq cq45-900 firmware
- canonical/hp compaq 14-h000
- canonical/hp compaq 14-s000 firmware