CVE-2024-5477

Summary

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability.

Affected Software

VendorProductVersion RangeStatus
HP Inc.Certain HP PC ProductsSee HP Security Bulletin reference for affected versions.affected

Weaknesses

  • CWE-1256: CWE-1256 - Improper Restriction of Software and Firmware Updates

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References