CVE-2022-43779

Name: CVE-2022-43779
Creator: NVD / NIST
Published: 2023-02-12T04:15:16.06+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7/10EPSS 0.14%

Last modified Jun 17, 2026

CVE-2022-43779 is a high-severity vulnerability rated 7/10 on the CVSS scale. A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

Metrics

CVSS 3.1

7/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.14%

3.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Hp	348 G4 Firmware	< f.65
Hp	260 G2 Desktop Mini Firmware	< 2.26
Hp	218 Pro G5 Mt Firmware	< f15
Hp	260 G3 Desktop Mini Firmware	< 02.20.00
Hp	260 G4 Desktop Mini Firmware	< 02.12.00
Hp	280 G3 Microtower Pc Firmware	< 02.02.40
Hp	280 G3 Pci Microtower Pc Firmware	< 02.02.40
Hp	288 Pro G3 Microtower Pc Firmware	< 00.02.40
Hp	290 G1 Microtower Firmware	< 00.02.40
Hp	Desktop Pro 300 G3 Firmware	< f15
Hp	Desktop Pro A 300 G3 Firmware	< f12
Hp	Desktop Pro A G2 Firmware	< f.11
Hp	Desktop Pro A G2 Microtower Firmware	< f.11
Hp	Desktop Pro A G3 Firmware	< f12
Hp	Desktop Pro A G3 Microtower Firmware	< f12
Hp	Desktop Pro G3 Firmware	< f15
Hp	Desktop Pro G3 Microtower Firmware	< f15
Hp	Desktop Pro Microtower Firmware	< 00.02.40
Hp	Zhan 66 Pro A G1 Microtower Firmware	< f.11
Hp	Zhan 66 Pro A G1 R Microtower Firmware	< f12
Hp	Zhan 66 Pro G1 R Microtower Firmware	< f15
Hp	Zhan 86 Pro G1 Microtower Firmware	< 00.02.40
Hp	Rp2 Retail System 2000 Firmware	< 2.24
Hp	Rp2 Retail System 2020 Firmware	< 2.24
Hp	Rp2 Retail System 2030 Firmware	< 2.24

References

https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829Patch, Vendor Advisory
https://support.hp.com/us-en/document/ish_7394557-7394585-16/hpsbhf03829Patch, Vendor Advisory

Timeline

Published: Feb 12, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-43779?

How severe is CVE-2022-43779?

CVE-2022-43779 has a CVSS score of 7/10 (HIGH severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.

How do I fix CVE-2022-43779?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-43779?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST