CVE-2022-43779
First published: Fri Feb 03 2023(Updated: )
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hp 348 G4 Firmware | <f.65 | |
| Hp 348 G4 | ||
| Hp 260 G2 Desktop Mini Firmware | <2.26 | |
| Hp 260 G2 Desktop Mini | ||
| Hp 218 Pro G5 Mt Firmware | <f15 | |
| Hp 218 Pro G5 Mt | ||
| Hp 260 G3 Desktop Mini Firmware | <02.20.00 | |
| Hp 260 G3 Desktop Mini | ||
| Hp 260 G4 Desktop Mini Firmware | <02.12.00 | |
| Hp 260 G4 Desktop Mini | ||
| Hp 280 G3 Microtower Pc Firmware | <02.02.40 | |
| Hp 280 G3 Microtower Pc | ||
| Hp 280 G3 Pci Microtower Pc Firmware | <02.02.40 | |
| Hp 280 G3 Pci Microtower Pc | ||
| Hp 288 Pro G3 Microtower Pc Firmware | <00.02.40 | |
| Hp 288 Pro G3 Microtower Pc | ||
| Hp 290 G1 Microtower Firmware | <00.02.40 | |
| Hp 290 G1 Microtower | ||
| Hp Desktop Pro 300 G3 Firmware | <f15 | |
| Hp Desktop Pro 300 G3 | ||
| Hp Desktop Pro A 300 G3 Firmware | <f12 | |
| Hp Desktop Pro A 300 G3 | ||
| Hp Desktop Pro A G2 Firmware | <f.11 | |
| Hp Desktop Pro A G2 | ||
| Hp Desktop Pro A G2 Microtower Firmware | <f.11 | |
| Hp Desktop Pro A G2 Microtower | ||
| Hp Desktop Pro A G3 Firmware | <f12 | |
| Hp Desktop Pro A G3 | ||
| Hp Desktop Pro A G3 Microtower Firmware | <f12 | |
| Hp Desktop Pro A G3 Microtower | ||
| Hp Desktop Pro G3 Firmware | <f15 | |
| Hp Desktop Pro G3 | ||
| Hp Desktop Pro G3 Microtower Firmware | <f15 | |
| Hp Desktop Pro G3 Microtower | ||
| Hp Desktop Pro Microtower Firmware | <00.02.40 | |
| Hp Desktop Pro Microtower | ||
| Hp Zhan 66 Pro A G1 Microtower Firmware | <f.11 | |
| Hp Zhan 66 Pro A G1 Microtower | ||
| Hp Zhan 66 Pro A G1 R Microtower Firmware | <f12 | |
| Hp Zhan 66 Pro A G1 R Microtower | ||
| Hp Zhan 66 Pro G1 R Microtower Firmware | <f15 | |
| Hp Zhan 66 Pro G1 R Microtower | ||
| Hp Zhan 86 Pro G1 Microtower Firmware | <00.02.40 | |
| Hp Zhan 86 Pro G1 Microtower | ||
| Hp Rp2 Retail System 2000 Firmware | <2.24 | |
| Hp Rp2 Retail System 2000 | ||
| Hp Rp2 Retail System 2020 Firmware | <2.24 | |
| Hp Rp2 Retail System 2020 | ||
| Hp Rp2 Retail System 2030 Firmware | <2.24 | |
| Hp Rp2 Retail System 2030 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-43779?
CVE-2022-43779 is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability identified in certain HP PC products using AMI UEFI Firmware, which can lead to arbitrary code execution, denial of service, and information disclosure.
How severe is CVE-2022-43779?
CVE-2022-43779 has a severity rating of 7 (High).
Which HP PC products are affected by CVE-2022-43779?
Certain HP PC products using AMI UEFI Firmware are affected by CVE-2022-43779. Please refer to the official HP advisory for a complete list.
How can I mitigate CVE-2022-43779?
To mitigate CVE-2022-43779, HP has released updates for the affected HP PC products. Please refer to the official HP advisory for specific instructions and firmware updates.
Where can I find more information about CVE-2022-43779?
You can find more information about CVE-2022-43779, including detailed advisory and remediation steps, on the official HP support website.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hp
- canonical/hp 348 g4 firmware
- canonical/hp 348 g4
- canonical/hp 260 g2 desktop mini firmware
- canonical/hp 260 g2 desktop mini
- canonical/hp 218 pro g5 mt firmware
- canonical/hp 218 pro g5 mt
- canonical/hp 260 g3 desktop mini firmware
- canonical/hp 260 g3 desktop mini
- canonical/hp 260 g4 desktop mini firmware
- canonical/hp 260 g4 desktop mini
- canonical/hp 280 g3 microtower pc firmware
- canonical/hp 280 g3 microtower pc
- canonical/hp 280 g3 pci microtower pc firmware
- canonical/hp 280 g3 pci microtower pc
- canonical/hp 288 pro g3 microtower pc firmware
- canonical/hp 288 pro g3 microtower pc
- canonical/hp 290 g1 microtower firmware
- canonical/hp 290 g1 microtower
- canonical/hp desktop pro 300 g3 firmware
- canonical/hp desktop pro 300 g3
- canonical/hp desktop pro a 300 g3 firmware
- canonical/hp desktop pro a 300 g3
- canonical/hp desktop pro a g2 firmware
- canonical/hp desktop pro a g2
- canonical/hp desktop pro a g2 microtower firmware
- canonical/hp desktop pro a g2 microtower
- canonical/hp desktop pro a g3 firmware
- canonical/hp desktop pro a g3
- canonical/hp desktop pro a g3 microtower firmware
- canonical/hp desktop pro a g3 microtower
- canonical/hp desktop pro g3 firmware
- canonical/hp desktop pro g3
- canonical/hp desktop pro g3 microtower firmware
- canonical/hp desktop pro g3 microtower
- canonical/hp desktop pro microtower firmware
- canonical/hp desktop pro microtower
- canonical/hp zhan 66 pro a g1 microtower firmware
- canonical/hp zhan 66 pro a g1 microtower
- canonical/hp zhan 66 pro a g1 r microtower firmware
- canonical/hp zhan 66 pro a g1 r microtower
- canonical/hp zhan 66 pro g1 r microtower firmware
- canonical/hp zhan 66 pro g1 r microtower
- canonical/hp zhan 86 pro g1 microtower firmware
- canonical/hp zhan 86 pro g1 microtower
- canonical/hp rp2 retail system 2000 firmware
- canonical/hp rp2 retail system 2000
- canonical/hp rp2 retail system 2020 firmware
- canonical/hp rp2 retail system 2020
- canonical/hp rp2 retail system 2030 firmware
- canonical/hp rp2 retail system 2030