CVE-2017-2751


A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.6. It has relatively low attack complexity and requires neither user interaction nor pre-existing privileges. The vulnerability impacts confidentiality (data exposure) on affected systems. It affects 68 products from hp; organizations running these products should prioritize assessment and patching.

Historical Context

First disclosed in 2018, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2018-10-03T20:29:07.067

Last Modified

2024-11-21T03:24:07.027

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-522

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | hp | hp_240_g1_firmware | < f.48 | Yes |
| Hardware | hp | hp_240_g1 | - | No |
| Operating System | hp | hp_245_g1_firmware | < f.48 | Yes |
| Hardware | hp | hp_245_g1 | - | No |
| Operating System | hp | hp_1000-1300_firmware | < f.48 | Yes |
| Hardware | hp | hp_1000-1300 | - | No |
| Operating System | hp | hp_250_g1_notebook_pc_firmware | < f.47 | Yes |
| Hardware | hp | hp_250_g1_notebook_pc | - | No |
| Operating System | hp | hp_255_g1_notebook_pc_firmware | < f.47 | Yes |
| Hardware | hp | hp_255_g1_notebook_pc | - | No |
| Operating System | hp | hp_envy_15-j000_firmware | < f.22 | Yes |
| Hardware | hp | hp_envy_15-j000 | - | No |
| Operating System | hp | hp_envy_15-j100_firmware | < f.71 | Yes |
| Hardware | hp | hp_envy_15-j100 | - | No |
| Operating System | hp | hp_pavilion_15-n000_firmware | < f.72 | Yes |
| Hardware | hp | hp_pavilion_15-n000 | - | No |
| Operating System | hp | hp_246_firmware | < f.04 | Yes |
| Hardware | hp | hp_246 | - | No |
| Operating System | hp | hp_455_firmware | < f.08 | Yes |
| Hardware | hp | hp_455 | - | No |
| Operating System | hp | hp_envy_17_j100_firmware | < f.71 | Yes |
| Hardware | hp | hp_envy_17_j100 | - | No |
| Operating System | hp | hp_envy_17-j100_leap_motion_se_firmware | < f.71 | Yes |
| Hardware | hp | hp_envy_17-j100_leap_motion_se | - | No |
| Operating System | hp | hp_split_13-g200_firmware | < f.25 | Yes |
| Hardware | hp | hp_split_13-g200 | - | No |
| Operating System | hp | hp_envy_100_firmware | < f.22 | Yes |
| Hardware | hp | hp_envy_100 | - | No |
| Operating System | hp | hp_pavilion_14-n000_firmware | < f.72 | Yes |
| Hardware | hp | hp_pavilion_14-n000 | - | No |
| Operating System | hp | hp_envy_14-k100_firmware | < f.22 | Yes |
| Hardware | hp | hp_envy_14-k100 | - | No |
| Operating System | hp | hp_spectre_x2_13-smb_pro_firmware | < f.25 | Yes |
| Hardware | hp | hp_spectre_x2_13-smb_pro | - | No |
| Operating System | hp | hp_spectre_13-h200_firmware | < f.25 | Yes |
| Hardware | hp | hp_spectre_13-h200 | - | No |
| Operating System | hp | hp_pavilion_15-n200_firmware | < f.72 | Yes |
| Hardware | hp | hp_pavilion_15-n200 | - | No |
| Operating System | hp | hp_pavilion_15-n300_firmware | < f.72 | Yes |
| Hardware | hp | hp_pavilion_15-n300 | - | No |
| Operating System | hp | hp_envy_m6-n000_firmware | < f.26 | Yes |
| Hardware | hp | hp_envy_m6-n000 | - | No |
| Operating System | hp | hp_255_g3_firmware | < f.45 | Yes |
| Hardware | hp | hp_255_g3 | - | No |
| Operating System | hp | hp_14-g000_firmware | < f.45 | Yes |
| Hardware | hp | hp_14-g000 | - | No |
| Operating System | hp | hp_pavilion_11-n000_firmware | < f.2e | Yes |
| Hardware | hp | hp_pavilion_11-n000 | - | No |
| Operating System | hp | hp_15-r000_firmware | < f.43 | Yes |
| Hardware | hp | hp_15-r000 | - | No |
| Operating System | hp | hp_15-r500_firmware | < f.43 | Yes |
| Hardware | hp | hp_15-r500 | - | No |
| Operating System | hp | hp_pavilion_10-f000_firmware | < f.0e | Yes |
| Hardware | hp | hp_pavilion_10-f000 | - | No |
| Operating System | hp | hp_g14-a000_firmware | < f.06 | Yes |
| Hardware | hp | hp_g14-a000 | - | No |
| Operating System | hp | hp_14-r000_firmware | < f.43 | Yes |
| Hardware | hp | hp_14-r000 | - | No |
| Operating System | hp | hp_240_g3_firmware | < f.43 | Yes |
| Hardware | hp | hp_240_g3 | - | No |
| Operating System | hp | hp_246_g3_firmware | < f.43 | Yes |
| Hardware | hp | hp_246_g3 | - | No |
| Operating System | hp | compaq_cq45-900_firmware | - | Yes |
| Hardware | hp | compaq_cq45-900 | - | No |
| Operating System | hp | compaq_14-h000_firmware | - | Yes |
| Hardware | hp | compaq_14-h000 | - | No |
| Operating System | hp | compaq_14-s000_firmware | - | Yes |
| Hardware | hp | compaq_14-s000 | - | No |

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For hp's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.