CVE-2024-5477

CVSS

No CVSS.

potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability.

References

Link	Resource
https://support.hp.com/us-en/document/ish_12878449-12878471-16/hpsbhf04043

Configurations

No configuration.

History

14 Aug 2025, 13:12

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 18:15

Updated : 2025-08-14 13:12

NVD link : CVE-2024-5477

Mitre link : CVE-2024-5477

CVE.ORG link : CVE-2024-5477

JSON object : View

Products Affected

No product.

CWE

CWE-1256

Improper Restriction of Software Interfaces to Hardware Features

{"id": "CVE-2024-5477", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-13T18:15:28.743", "references": [{"url": "https://support.hp.com/us-en/document/ish_12878449-12878471-16/hpsbhf04043", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1256"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en el BIOS del sistema de algunos productos HP PC. Esta vulnerabilidad podr\u00eda permitir la escalada de privilegios, la ejecuci\u00f3n de c\u00f3digo arbitrario, la denegaci\u00f3n de servicio o la divulgaci\u00f3n de informaci\u00f3n mediante un ataque f\u00edsico que requiere equipo y conocimientos especializados. HP est\u00e1 lanzando una soluci\u00f3n de mitigaci\u00f3n de firmware para esta posible vulnerabilidad."}], "lastModified": "2025-08-14T13:12:09.870", "sourceIdentifier": "[email protected]"}

CVE-2024-5477

JSON object

Attach tags to CVE-2024-5477

Attach tags to `CVE-2024-5477`