CVE-2022-37018

Name: CVE-2022-37018
Creator: NVD / NIST
Published: 2022-12-12T13:15:12.44+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.4/10EPSS 0.23%

Last modified Jun 17, 2026

CVE-2022-37018 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.

Metrics

CVSS 3.1

8.4/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.23%

14.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-276

Affected Software

Vendor	Product	Versions
Hp	Z1 G3 Firmware	< 01.33
Hp	Z2 Mini G3 Firmware	< 01.85
Hp	Z238 Microtower Firmware	< 01.85
Hp	Z240 Sff Firmware	< 01.85
Hp	Z240 Tower Firmware	< 01.85
Hp	Engage One Aio System Firmware	< 02.44
Hp	Mp9 G2 Retail System Firmware	< 02.59
Hp	Rp9 G1 Retail System Firmware	< 02.59
Hp	Elite Slice Firmware	< 02.59
Hp	Elitedesk 800 35w G2 Desktop Mini Pc Firmware	< 02.59
Hp	Elitedesk 800 35w G3 Desktop Mini Pc Firmware	< 02.44
Hp	Elitedesk 800 65w G2 Desktop Mini Pc Firmware	< 02.59
Hp	Elitedesk 800 65w G3 Desktop Mini Pc Firmware	< 02.44
Hp	Elitedesk 800 G2 Sff Firmware	< 02.59
Hp	Eliteone 800 G2 Aio Firmware	< 02.59
Hp	Eliteone 800 G3 Firmware	< 02.44
Hp	Prodesk 400 G3 Dm Firmware	< 02.44
Hp	Prodesk 400 G4 Microtower Firmware	< 02.44
Hp	Prodesk 400 G4 Sff Firmware	< 02.44
Hp	Prodesk 480 G4 Microtower Pc Firmware	< 02.44
Hp	Prodesk 600 G2 Dm Firmware	< 02.59
Hp	Prodesk 600 G2 Microtower Pc Firmware	< 02.59
Hp	Prodesk 600 G2 Sff Firmware	< 02.59
Hp	Prodesk 600 G3 Desktop Mini Firmware	< 02.44
Hp	Prodesk 600 G3 Microtower Pc Firmware	< 02.44
Hp	Prodesk 600 G3 Sff Firmware	< 02.44
Hp	Prodesk 680 G2 Microtower Pc Firmware	< 02.59
Hp	Prodesk 680 G3 Microtower Pc Firmware	< 02.44
Hp	Proone 400 G2 Aio Firmware	< 02.59
Hp	Proone 400 G3 Aio Firmware	< 02.44
Hp	Proone 480 G3 Firmware	< 02.44
Hp	Proone 600 G2 Aio Firmware	< 02.59
Hp	Proone 600 G3 Firmware	< 02.44
Hp	Elite X2 1012 G1 Firmware	< 01.58
Hp	Elite X2 1012 G2 Firmware	< 01.44
Hp	Elitebook 1030 G1 Firmware	< 01.58
Hp	Elitebook 1040 G3 Firmware	< 01.58
Hp	Elitebook 1040 G4 Firmware	< 01.44
Hp	Elitebook 820 G3 Firmware	< 01.58
Hp	Elitebook 820 G4 Firmware	< 01.44
Hp	Elitebook 828 G3 Firmware	< 01.58
Hp	Elitebook 828 G4 Firmware	< 01.44
Hp	Elitebook 840 G3 Firmware	< 01.58
Hp	Elitebook 840 G4 Firmware	< 01.44
Hp	Elitebook 848 G3 Firmware	< 01.58
Hp	Elitebook 848 G4 Firmware	< 01.44
Hp	Elitebook 850 G3 Firmware	< 01.58
Hp	Elitebook 850 G4 Firmware	< 01.44
Hp	Elitebook Folio G1 Firmware	< 01.58
Hp	Elitebook X360 1020 G2 Firmware	< 01.44

Showing 50 of 75 affected configurations. See NVD for the full list.

References

https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820Patch, Vendor Advisory
https://support.hp.com/us-en/document/ish_7191946-7191970-16/hpsbhf03820Patch, Vendor Advisory

Timeline

Published: Dec 12, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-37018?

How severe is CVE-2022-37018?

CVE-2022-37018 has a CVSS score of 8.4/10 (HIGH severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.

How do I fix CVE-2022-37018?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-37018?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST