A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.04384.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
HP Inc. HP 240 G1 Notebook PC and certain other consumer notebooks affected
Version Status Constraints
F.22 and other firmware versions affected

Configuration 1 [-]

AND
cpe:2.3:o:hp:hp_240_g1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_240_g1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:hp:hp_245_g1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_245_g1:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:hp:hp_1000-1300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_1000-1300:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:hp:hp_250_g1_notebook_pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_250_g1_notebook_pc:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:hp:hp_255_g1_notebook_pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_255_g1_notebook_pc:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:hp:hp_envy_15-j000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_envy_15-j000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:hp:hp_envy_15-j100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_envy_15-j100:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:hp:hp_pavilion_15-n000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_pavilion_15-n000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:hp:hp_246_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_246:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:hp:hp_455_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_455:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:hp:hp_envy_17_j100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_envy_17_j100:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:hp:hp_envy_17-j100_leap_motion_se_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_envy_17-j100_leap_motion_se:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:hp:hp_split_13-g200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_split_13-g200:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:hp:hp_envy_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_envy_100:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:hp:hp_pavilion_14-n000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_pavilion_14-n000:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:hp:hp_envy_14-k100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_envy_14-k100:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:hp:hp_spectre_x2_13-smb_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_spectre_x2_13-smb_pro:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:hp:hp_spectre_13-h200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_spectre_13-h200:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:hp:hp_pavilion_15-n200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_pavilion_15-n200:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:hp:hp_pavilion_15-n300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_pavilion_15-n300:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:hp:hp_envy_m6-n000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_envy_m6-n000:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:hp:hp_255_g3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_255_g3:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:hp:hp_14-g000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_14-g000:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:hp:hp_pavilion_11-n000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_pavilion_11-n000:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:hp:hp_15-r000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_15-r000:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:hp:hp_15-r500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_15-r500:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:hp:hp_pavilion_10-f000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_pavilion_10-f000:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:hp:hp_g14-a000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_g14-a000:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:hp:hp_14-r000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_14-r000:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:hp:hp_240_g3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_240_g3:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:hp:hp_246_g3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:hp_246_g3:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:hp:compaq_cq45-900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:compaq_cq45-900:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:hp:compaq_14-h000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:compaq_14-h000:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND
cpe:2.3:o:hp:compaq_14-s000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:hp:compaq_14-s000:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Hp Subscribe
Compaq 14-h000 Subscribe
Compaq 14-h000 Firmware Subscribe
Compaq 14-s000 Subscribe
Compaq 14-s000 Firmware Subscribe
Compaq Cq45-900 Subscribe
Compaq Cq45-900 Firmware Subscribe
Hp 1000-1300 Subscribe
Hp 1000-1300 Firmware Subscribe
Hp 14-g000 Subscribe
Hp 14-g000 Firmware Subscribe
Hp 14-r000 Subscribe
Hp 14-r000 Firmware Subscribe
Hp 15-r000 Subscribe
Hp 15-r000 Firmware Subscribe
Hp 15-r500 Subscribe
Hp 15-r500 Firmware Subscribe
Hp 240 G1 Subscribe
Hp 240 G1 Firmware Subscribe
Hp 240 G3 Subscribe
Hp 240 G3 Firmware Subscribe
Hp 245 G1 Subscribe
Hp 245 G1 Firmware Subscribe
Hp 246 Subscribe
Hp 246 Firmware Subscribe
Hp 246 G3 Subscribe
Hp 246 G3 Firmware Subscribe
Hp 250 G1 Notebook Pc Subscribe
Hp 250 G1 Notebook Pc Firmware Subscribe
Hp 255 G1 Notebook Pc Subscribe
Hp 255 G1 Notebook Pc Firmware Subscribe
Hp 255 G3 Subscribe
Hp 255 G3 Firmware Subscribe
Hp 455 Subscribe
Hp 455 Firmware Subscribe
Hp Envy 100 Subscribe
Hp Envy 100 Firmware Subscribe
Hp Envy 14-k100 Subscribe
Hp Envy 14-k100 Firmware Subscribe
Hp Envy 15-j000 Subscribe
Hp Envy 15-j000 Firmware Subscribe
Hp Envy 15-j100 Subscribe
Hp Envy 15-j100 Firmware Subscribe
Hp Envy 17-j100 Leap Motion Se Subscribe
Hp Envy 17-j100 Leap Motion Se Firmware Subscribe
Hp Envy 17 J100 Subscribe
Hp Envy 17 J100 Firmware Subscribe
Hp Envy M6-n000 Subscribe
Hp Envy M6-n000 Firmware Subscribe
Hp G14-a000 Subscribe
Hp G14-a000 Firmware Subscribe
Hp Pavilion 10-f000 Subscribe
Hp Pavilion 10-f000 Firmware Subscribe
Hp Pavilion 11-n000 Subscribe
Hp Pavilion 11-n000 Firmware Subscribe
Hp Pavilion 14-n000 Subscribe
Hp Pavilion 14-n000 Firmware Subscribe
Hp Pavilion 15-n000 Subscribe
Hp Pavilion 15-n000 Firmware Subscribe
Hp Pavilion 15-n200 Subscribe
Hp Pavilion 15-n200 Firmware Subscribe
Hp Pavilion 15-n300 Subscribe
Hp Pavilion 15-n300 Firmware Subscribe
Hp Spectre 13-h200 Subscribe
Hp Spectre 13-h200 Firmware Subscribe
Hp Spectre X2 13-smb Pro Subscribe
Hp Spectre X2 13-smb Pro Firmware Subscribe
Hp Split 13-g200 Subscribe
Hp Split 13-g200 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2017-11894 A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://support.hp.com/us-en/document/c05913581 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: hp

Published:

Updated: 2024-09-16T18:38:35.168Z

Reserved: 2016-12-01T00:00:00.000Z

Link: CVE-2017-2751

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-10-03T20:29:07.067

Modified: 2024-11-21T03:24:07.027

Link: CVE-2017-2751

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses