CVE-2017-2751
Severity: Unknown | EPSS: 1.06%
CVE-2017-2751 is a vulnerability of currently unknown severity. A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. EPSS estimates a 1.06% chance of exploitation in the next 30 days.
Description
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| HP | HP 240 G1 Firmware | < f.48 |
| HP | HP 245 G1 Firmware | < f.48 |
| HP | HP 1000-1300 Firmware | < f.48 |
| HP | HP 250 G1 Notebook Pc Firmware | < f.47 |
| HP | HP 255 G1 Notebook Pc Firmware | < f.47 |
| HP | HP Envy 15-J000 Firmware | < f.22 |
| HP | HP Envy 15-J100 Firmware | < f.71 |
| HP | HP Pavilion 15-N000 Firmware | < f.72 |
| HP | HP 246 Firmware | < f.04 |
| HP | HP 455 Firmware | < f.08 |
| HP | HP Envy 17 J100 Firmware | < f.71 |
| HP | HP Envy 17-J100 Leap Motion Se Firmware | < f.71 |
| HP | HP Split 13-G200 Firmware | < f.25 |
| HP | HP Envy 100 Firmware | < f.22 |
| HP | HP Pavilion 14-N000 Firmware | < f.72 |
| HP | HP Envy 14-K100 Firmware | < f.22 |
| HP | HP Spectre X2 13-Smb Pro Firmware | < f.25 |
| HP | HP Spectre 13-H200 Firmware | < f.25 |
| HP | HP Pavilion 15-N200 Firmware | < f.72 |
| HP | HP Pavilion 15-N300 Firmware | < f.72 |
| HP | HP Envy M6-N000 Firmware | < f.26 |
| HP | HP 255 G3 Firmware | < f.45 |
| HP | HP 14-G000 Firmware | < f.45 |
| HP | HP Pavilion 11-N000 Firmware | < f.2e |
| HP | HP 15-R000 Firmware | < f.43 |
| HP | HP 15-R500 Firmware | < f.43 |
| HP | HP Pavilion 10-F000 Firmware | < f.0e |
| HP | HP G14-A000 Firmware | < f.06 |
| HP | HP 14-R000 Firmware | < f.43 |
| HP | HP 240 G3 Firmware | < f.43 |
| HP | HP 246 G3 Firmware | < f.43 |
| HP | Compaq Cq45-900 Firmware | All versions |
| HP | Compaq 14-H000 Firmware | All versions |
| HP | Compaq 14-S000 Firmware | All versions |
References
- https://support.hp.com/us-en/document/c05913581 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Frequently Asked Questions
What is CVE-2017-2751?
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.
How severe is CVE-2017-2751?
Severity scoring for CVE-2017-2751 is pending analysis. The EPSS model estimates a 1.06% probability of exploitation in the next 30 days.
How do I fix CVE-2017-2751?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.
Source: NVD / NIST
