What is CVE-2022-27537?

CVE-2022-27537 is a high-severity vulnerability in Hp Dragonfly_folio_g3_2-in-1, classified under Code Injection. CVSS score: 7.8/10. Published 2023-02-01.

How severe is CVE-2022-27537?

High severity. CVSS v3 base score is 7.8 out of 10.

RCE in Hp Dragonfly_folio_g3_2-in-1

CVE-2022-27537

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates t…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.003 (22.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hp Dragonfly_folio_g3_2-in-1
Hp Dragonfly_folio_g3_2-in-1_firmware — versions 01.01.03
Hp Elitebook_1030_g1
Hp Elitebook_1030_g1_firmware — versions 1.57
Hp Elitebook_1040_g3
Hp Elitebook_1040_g3_firmware — versions 1.57
Hp Elitebook_1040_g4
Hp Elitebook_1040_g4_firmware — versions 1.44
Hp Elitebook_1040_g9
Hp Elitebook_1040_g9_firmware — versions 01.03.01

Weakness classification (CWE)

CWE-94 — Code Injection

References

hp-security-alert@hp.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-27537?: CVE-2022-27537 is a high-severity vulnerability in Hp Dragonfly_folio_g3_2-in-1, classified under Code Injection. CVSS score: 7.8/10. Published 2023-02-01.
How severe is CVE-2022-27537?: High severity. CVSS v3 base score is 7.8 out of 10.