CVE & CISA-KEV Catalog

CVE-2022-37018

HIGH
8.4
CVSS v3
NVD

Description

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability.

How to fix

Remediation Available
elite slice firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
elite x2 1012 g1 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elite x2 1012 g2 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitebook 1030 g1 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elitebook 1040 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elitebook 1040 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitebook 820 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elitebook 820 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitebook 828 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elitebook 828 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitebook 840 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elitebook 840 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitebook 848 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elitebook 848 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitebook 850 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elitebook 850 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitebook folio g1 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
elitebook x360 1020 g2 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitebook x360 1030 g2 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
elitedesk 800 35w g2 desktop mini pc firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
elitedesk 800 35w g3 desktop mini pc firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
elitedesk 800 65w g2 desktop mini pc firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
elitedesk 800 65w g3 desktop mini pc firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
elitedesk 800 g2 sff firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
eliteone 800 g2 aio firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
eliteone 800 g3 firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
engage one aio system firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
mp9 g2 retail system firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
pro x2 612 g2 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
probook 11 g2 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
probook 430 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
probook 440 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
probook 440 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
probook 446 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
probook 450 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
probook 470 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
probook 470 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
probook 640 g2 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
probook 640 g3 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
probook 650 g2 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
probook 650 g3 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
probook x360 11 g2 firmwareNVD
Affected:< 1.46Fixed in:1.46CVE-2022-37018derived from NVD
prodesk 400 g3 dm firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
prodesk 400 g4 microtower firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
prodesk 400 g4 sff firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
prodesk 480 g4 microtower pc firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
prodesk 600 g2 dm firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
prodesk 600 g2 microtower pc firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
prodesk 600 g2 sff firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
prodesk 600 g3 desktop mini firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
prodesk 600 g3 microtower pc firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
prodesk 600 g3 sff firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
prodesk 680 g2 microtower pc firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
prodesk 680 g3 microtower pc firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
proone 400 g2 aio firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
proone 400 g3 aio firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
proone 480 g3 firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
proone 600 g2 aio firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
proone 600 g3 firmwareNVD
Affected:< 02.44Fixed in:02.44CVE-2022-37018derived from NVD
rp9 g1 retail system firmwareNVD
Affected:< 02.59Fixed in:02.59CVE-2022-37018derived from NVD
z1 g3 firmwareNVD
Affected:< 01.33Fixed in:01.33CVE-2022-37018derived from NVD
z238 microtower firmwareNVD
Affected:< 01.85Fixed in:01.85CVE-2022-37018derived from NVD
z240 sff firmwareNVD
Affected:< 01.85Fixed in:01.85CVE-2022-37018derived from NVD
z240 tower firmwareNVD
Affected:< 01.85Fixed in:01.85CVE-2022-37018derived from NVD
z2 mini g3 firmwareNVD
Affected:< 01.85Fixed in:01.85CVE-2022-37018derived from NVD
zbook 14u g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
zbook 15 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
zbook 15 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
zbook 15u g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
zbook 15u g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
zbook 17 g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
zbook 17 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
zbook studio g3 firmwareNVD
Affected:< 01.58Fixed in:01.58CVE-2022-37018derived from NVD
zbook studio g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD
zbook studio x2 g4 firmwareNVD
Affected:< 01.44Fixed in:01.44CVE-2022-37018derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.23%probability of exploitation in 30 days
14thpercentile

Low risk: more likely to be exploited than 14% of all known CVEs.

References

Related Vulnerabilities

Other CWE-276 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2013-0632Critical9.894%KEV-
CVE-2017-11610High8.888%-Fix
CVE-2023-29919Critical9.160%--
CVE-2019-17124Critical9.823%--
CVE-2020-12608High7.822%-Fix
CVE-2021-3437Critical9.816%-Fix
Embed a live status badge for CVE-2022-37018
CVE-2022-37018 severity badge

Markdown

[![CVE-2022-37018](https://tridentstack.com/cve/badge/CVE-2022-37018.svg)](https://tridentstack.com/cve/CVE-2022-37018)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-37018"><img src="https://tridentstack.com/cve/badge/CVE-2022-37018.svg" alt="CVE-2022-37018"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-04-29.