Vulnerability CVE-2017-2751


Published: 2018-10-03

Description:
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

Type:

CWE-522

(Insufficiently Protected Credentials)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
HP -> Compaq 14-h000 firmware 
HP -> Compaq 14-s000 firmware 
HP -> Compaq cq45-900 firmware 

 References:
https://support.hp.com/us-en/document/c05913581

Copyright 2024, cxsecurity.com

 

Back to Top