{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-37020","assignerOrgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","state":"PUBLISHED","assignerShortName":"hp","dateReserved":"2022-07-28T22:58:23.255Z","datePublished":"2024-06-10T22:13:26.904Z","dateUpdated":"2024-10-28T18:34:17.212Z"},"containers":{"cna":{"title":"HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows","descriptions":[{"lang":"en","value":"Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities."}],"affected":[{"vendor":"HP Inc.","product":"HP PC products","defaultStatus":"affected","versions":[{"version":"See HP security bulletin reference for affected versions","status":"affected"}]}],"references":[{"url":"https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943"}],"providerMetadata":{"orgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","shortName":"hp","dateUpdated":"2024-06-10T22:13:26.904Z"},"x_generator":{"engine":"cveClient/1.0.15"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T10:21:32.586Z"},"title":"CVE Program Container","references":[{"url":"https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.8,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-08-21T16:51:07.963158Z","id":"CVE-2022-37020","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-28T18:34:17.212Z"}}]}}