What is CVE-2022-31644?

CVE-2022-31644 is a high-severity vulnerability in Hp Dragonfly_folio_g3_2-in-1, classified under Incorrect Authorization. CVSS score: 7.8/10. Published 2023-06-14.

How severe is CVE-2022-31644?

High severity. CVSS v3 base score is 7.8 out of 10.

Auth bypass in Hp Dragonfly_folio_g3_2-in-1

CVE-2022-31644

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Vulnerability class: Broken Access Control

EPSS: 0.002 (13.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hp Dragonfly_folio_g3_2-in-1
Hp Dragonfly_folio_g3_2-in-1_firmware — versions 01.01.03
Hp Elitebook_1030_g1
Hp Elitebook_1030_g1_firmware — versions 1.57
Hp Elitebook_1040_g3
Hp Elitebook_1040_g3_firmware — versions 1.57
Hp Elitebook_1040_g4
Hp Elitebook_1040_g4_firmware — versions 1.44
Hp Elitebook_1040_g9
Hp Elitebook_1040_g9_firmware — versions 01.03.01

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

hp-security-alert@hp.com (Vendor Advisory)

Frequently asked questions

What is CVE-2022-31644?: CVE-2022-31644 is a high-severity vulnerability in Hp Dragonfly_folio_g3_2-in-1, classified under Incorrect Authorization. CVSS score: 7.8/10. Published 2023-06-14.
How severe is CVE-2022-31644?: High severity. CVSS v3 base score is 7.8 out of 10.