CVE & CISA-KEV Catalog

CVE-2017-2751

MEDIUM
4.6
CVSS v3
NVD

Description

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014.

How to fix

Remediation Available
hp 1000-1300 firmwareNVD
Affected:< f.48Fixed in:f.48CVE-2017-2751derived from NVD
hp 14-g000 firmwareNVD
Affected:< f.45Fixed in:f.45CVE-2017-2751derived from NVD
hp 14-r000 firmwareNVD
Affected:< f.43Fixed in:f.43CVE-2017-2751derived from NVD
hp 15-r000 firmwareNVD
Affected:< f.43Fixed in:f.43CVE-2017-2751derived from NVD
hp 15-r500 firmwareNVD
Affected:< f.43Fixed in:f.43CVE-2017-2751derived from NVD
hp 240 g1 firmwareNVD
Affected:< f.48Fixed in:f.48CVE-2017-2751derived from NVD
hp 240 g3 firmwareNVD
Affected:< f.43Fixed in:f.43CVE-2017-2751derived from NVD
hp 245 g1 firmwareNVD
Affected:< f.48Fixed in:f.48CVE-2017-2751derived from NVD
hp 246 firmwareNVD
Affected:< f.04Fixed in:f.04CVE-2017-2751derived from NVD
hp 246 g3 firmwareNVD
Affected:< f.43Fixed in:f.43CVE-2017-2751derived from NVD
hp 250 g1 notebook pc firmwareNVD
Affected:< f.47Fixed in:f.47CVE-2017-2751derived from NVD
hp 255 g1 notebook pc firmwareNVD
Affected:< f.47Fixed in:f.47CVE-2017-2751derived from NVD
hp 255 g3 firmwareNVD
Affected:< f.45Fixed in:f.45CVE-2017-2751derived from NVD
hp 455 firmwareNVD
Affected:< f.08Fixed in:f.08CVE-2017-2751derived from NVD
hp envy 100 firmwareNVD
Affected:< f.22Fixed in:f.22CVE-2017-2751derived from NVD
hp envy 14-k100 firmwareNVD
Affected:< f.22Fixed in:f.22CVE-2017-2751derived from NVD
hp envy 15-j000 firmwareNVD
Affected:< f.22Fixed in:f.22CVE-2017-2751derived from NVD
hp envy 15-j100 firmwareNVD
Affected:< f.71Fixed in:f.71CVE-2017-2751derived from NVD
hp envy 17-j100 leap motion se firmwareNVD
Affected:< f.71Fixed in:f.71CVE-2017-2751derived from NVD
hp envy 17 j100 firmwareNVD
Affected:< f.71Fixed in:f.71CVE-2017-2751derived from NVD
hp envy m6-n000 firmwareNVD
Affected:< f.26Fixed in:f.26CVE-2017-2751derived from NVD
hp g14-a000 firmwareNVD
Affected:< f.06Fixed in:f.06CVE-2017-2751derived from NVD
hp pavilion 10-f000 firmwareNVD
Affected:< f.0eFixed in:f.0eCVE-2017-2751derived from NVD
hp pavilion 11-n000 firmwareNVD
Affected:< f.2eFixed in:f.2eCVE-2017-2751derived from NVD
hp pavilion 14-n000 firmwareNVD
Affected:< f.72Fixed in:f.72CVE-2017-2751derived from NVD
hp pavilion 15-n000 firmwareNVD
Affected:< f.72Fixed in:f.72CVE-2017-2751derived from NVD
hp pavilion 15-n200 firmwareNVD
Affected:< f.72Fixed in:f.72CVE-2017-2751derived from NVD
hp pavilion 15-n300 firmwareNVD
Affected:< f.72Fixed in:f.72CVE-2017-2751derived from NVD
hp spectre 13-h200 firmwareNVD
Affected:< f.25Fixed in:f.25CVE-2017-2751derived from NVD
hp spectre x2 13-smb pro firmwareNVD
Affected:< f.25Fixed in:f.25CVE-2017-2751derived from NVD
hp split 13-g200 firmwareNVD
Affected:< f.25Fixed in:f.25CVE-2017-2751derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

1.06%probability of exploitation in 30 days
61stpercentile

Moderate risk: more likely to be exploited than 61% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-522 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2019-17662Critical9.897%--
CVE-2020-29583Critical9.890%KEV-
CVE-2021-30116Critical10.086%KEV + RansomFix
CVE-2024-44000Critical9.883%-Fix
CVE-2018-9160Critical9.877%--
CVE-2017-9248Critical9.875%KEVFix
Embed a live status badge for CVE-2017-2751
CVE-2017-2751 severity badge

Markdown

[![CVE-2017-2751](https://tridentstack.com/cve/badge/CVE-2017-2751.svg)](https://tridentstack.com/cve/CVE-2017-2751)

HTML

<a href="https://tridentstack.com/cve/CVE-2017-2751"><img src="https://tridentstack.com/cve/badge/CVE-2017-2751.svg" alt="CVE-2017-2751"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.