Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-2751

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

Published

2018-10-03T20:29:07.067

Last Modified

2024-11-21T03:24:07.027

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	hp_240_g1_firmware	< f.48	Yes
Hardware	hp	hp_240_g1	-	No
Operating System	hp	hp_245_g1_firmware	< f.48	Yes
Hardware	hp	hp_245_g1	-	No
Operating System	hp	hp_1000-1300_firmware	< f.48	Yes
Hardware	hp	hp_1000-1300	-	No
Operating System	hp	hp_250_g1_notebook_pc_firmware	< f.47	Yes
Hardware	hp	hp_250_g1_notebook_pc	-	No
Operating System	hp	hp_255_g1_notebook_pc_firmware	< f.47	Yes
Hardware	hp	hp_255_g1_notebook_pc	-	No
Operating System	hp	hp_envy_15-j000_firmware	< f.22	Yes
Hardware	hp	hp_envy_15-j000	-	No
Operating System	hp	hp_envy_15-j100_firmware	< f.71	Yes
Hardware	hp	hp_envy_15-j100	-	No
Operating System	hp	hp_pavilion_15-n000_firmware	< f.72	Yes
Hardware	hp	hp_pavilion_15-n000	-	No
Operating System	hp	hp_246_firmware	< f.04	Yes
Hardware	hp	hp_246	-	No
Operating System	hp	hp_455_firmware	< f.08	Yes
Hardware	hp	hp_455	-	No
Operating System	hp	hp_envy_17_j100_firmware	< f.71	Yes
Hardware	hp	hp_envy_17_j100	-	No
Operating System	hp	hp_envy_17-j100_leap_motion_se_firmware	< f.71	Yes
Hardware	hp	hp_envy_17-j100_leap_motion_se	-	No
Operating System	hp	hp_split_13-g200_firmware	< f.25	Yes
Hardware	hp	hp_split_13-g200	-	No
Operating System	hp	hp_envy_100_firmware	< f.22	Yes
Hardware	hp	hp_envy_100	-	No
Operating System	hp	hp_pavilion_14-n000_firmware	< f.72	Yes
Hardware	hp	hp_pavilion_14-n000	-	No
Operating System	hp	hp_envy_14-k100_firmware	< f.22	Yes
Hardware	hp	hp_envy_14-k100	-	No
Operating System	hp	hp_spectre_x2_13-smb_pro_firmware	< f.25	Yes
Hardware	hp	hp_spectre_x2_13-smb_pro	-	No
Operating System	hp	hp_spectre_13-h200_firmware	< f.25	Yes
Hardware	hp	hp_spectre_13-h200	-	No
Operating System	hp	hp_pavilion_15-n200_firmware	< f.72	Yes
Hardware	hp	hp_pavilion_15-n200	-	No
Operating System	hp	hp_pavilion_15-n300_firmware	< f.72	Yes
Hardware	hp	hp_pavilion_15-n300	-	No
Operating System	hp	hp_envy_m6-n000_firmware	< f.26	Yes
Hardware	hp	hp_envy_m6-n000	-	No
Operating System	hp	hp_255_g3_firmware	< f.45	Yes
Hardware	hp	hp_255_g3	-	No
Operating System	hp	hp_14-g000_firmware	< f.45	Yes
Hardware	hp	hp_14-g000	-	No
Operating System	hp	hp_pavilion_11-n000_firmware	< f.2e	Yes
Hardware	hp	hp_pavilion_11-n000	-	No
Operating System	hp	hp_15-r000_firmware	< f.43	Yes
Hardware	hp	hp_15-r000	-	No
Operating System	hp	hp_15-r500_firmware	< f.43	Yes
Hardware	hp	hp_15-r500	-	No
Operating System	hp	hp_pavilion_10-f000_firmware	< f.0e	Yes
Hardware	hp	hp_pavilion_10-f000	-	No
Operating System	hp	hp_g14-a000_firmware	< f.06	Yes
Hardware	hp	hp_g14-a000	-	No
Operating System	hp	hp_14-r000_firmware	< f.43	Yes
Hardware	hp	hp_14-r000	-	No
Operating System	hp	hp_240_g3_firmware	< f.43	Yes
Hardware	hp	hp_240_g3	-	No
Operating System	hp	hp_246_g3_firmware	< f.43	Yes
Hardware	hp	hp_246_g3	-	No
Operating System	hp	compaq_cq45-900_firmware	-	Yes
Hardware	hp	compaq_cq45-900	-	No
Operating System	hp	compaq_14-h000_firmware	-	Yes
Hardware	hp	compaq_14-h000	-	No
Operating System	hp	compaq_14-s000_firmware	-	Yes
Hardware	hp	compaq_14-s000	-	No

References

https://support.hp.com/us-en/document/c05913581 Vendor Advisory ([email protected])
https://support.hp.com/us-en/document/c05913581 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)