{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-37018","assignerOrgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","state":"PUBLISHED","assignerShortName":"hp","requesterUserId":"e0158710-d811-4b94-9318-6cef34bebe03","dateReserved":"2022-07-28T22:58:23.254Z","datePublished":"2022-11-21T21:02:37.037Z","dateUpdated":"2025-04-29T04:48:11.747Z"},"containers":{"cna":{"descriptions":[{"lang":"en","value":"A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability."}],"affected":[{"versions":[{"version":"See HP Security Bulletin reference for affected versions.","status":"affected"}],"product":"HP PC BIOS","vendor":"HP Inc."}],"references":[{"url":"https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820"}],"providerMetadata":{"orgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","shortName":"hp","dateUpdated":"2022-12-12T12:11:04.548Z"},"x_generator":{"engine":"cveClient/1.0.13"},"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T10:21:32.459Z"},"title":"CVE Program Container","references":[{"url":"https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-276","lang":"en","description":"CWE-276 Incorrect Default Permissions"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.4,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-29T04:47:24.232206Z","id":"CVE-2022-37018","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-29T04:48:11.747Z"}}]}}