CVE-2022-37020

Name: CVE-2022-37020
Creator: NVD / NIST
Published: 2024-06-10T23:15:49.503+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.8/10EPSS 0.18%

Last modified Jun 17, 2026

CVE-2022-37020 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.

Description

Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.

Metrics

CVSS 3.1

6.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS Probability

0.18%

7.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions
Hp	Elite Slice Firmware	< 00.02.64
Hp	Elite Slice For Meeting Rooms Firmware	< 00.02.64
Hp	Elitebook 1040 G3 Firmware	< 01.62
Hp	Elitebook 820 G3 Firmware	< 01.62
Hp	Elitebook 828 G3 Firmware	< 01.62
Hp	Elitebook 840 G3 Firmware	< 01.62
Hp	Elitebook 848 G3 Firmware	< 01.62
Hp	Elitebook 850 G3 Firmware	< 01.62
Hp	Elitebook Folio G1 Firmware	< 01.62
Hp	Elitedesk 800 35w G2 Desktop Mini Pc Firmware	< 00.02.63
Hp	Elitedesk 800 65w G2 Desktop Mini Pc Firmware	< 00.02.63
Hp	Mp9 G2 Retail System Firmware	< 02.63
Hp	Probook 440 G3 Firmware	< 1.62
Hp	Probook 446 G3 Firmware	< 1.62
Hp	Probook 470 G3 Firmware	< 1.62
Hp	Probook 640 G2 Firmware	< 1.62
Hp	Probook 650 G2 Firmware	< 1.62
Hp	Rp9 G1 Retail System Firmware	< 02.64
Hp	Z2 Mini G3 Workstation Firmware	< 01.91
Hp	Z238 Microtower Workstation Firmware	< 01.91
Hp	Z240 Small Form Factor Workstation Firmware	< 01.91
Hp	Z240 Tower Workstation Firmware	< 01.91
Hp	Zbook 15 G3 Firmware	< 1.62
Hp	Zbook 15u G3 Firmware	< 1.62
Hp	Zbook 17 G3 Firmware	< 1.62
Hp	Zbook Studio G3 Firmware	< 1.62

References

https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943Vendor Advisory
https://support.hp.com/us-en/document/ish_10737430-10737454-16/hpsbhf03943Vendor Advisory

Timeline

Published: Jun 10, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2022-37020?

How severe is CVE-2022-37020?

CVE-2022-37020 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.18% probability of exploitation in the next 30 days.

How do I fix CVE-2022-37020?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-37020?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST