Details of VAR-201810-0064

ID

VAR-201810-0064

CVE

CVE-2017-2751

TITLE

Vulnerabilities related to certificate and password management in the firmware of some notebook products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013135

DESCRIPTION

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. HP 240 G1 Notebook PC, etc. are all notebook computer products of Hewlett-Packard (HP) in the United States. Attackers can exploit this vulnerability to extract BIOS passwords. The following products are affected: HP 240 G1 Notebook PC; 245 G1 Notebook PC; 1000-1300~1000-1399 Notebook PC; Compaq CQ45-900~CQ45-999 Notebook PC; 250 G1 Notebook PC; 255 G1 Notebook PC; ENVY (TouchSmart ) 15-j000~j099 Notebook PC; ENVY (TouchSmart) 15-j100~j199 Notebook PC; Pavilion (TouchSmart) 15-n000~199 Notebook PC; 246 Notebook PC; 455 Notebook PC; ENVY (TouchSmart) 17-j100~j199 Notebook PC; ENVY (TouchSmart) 17-j100 ~ j199 Leap Motion SE Notebook PC; Split 13-g200~299 x2 PC; ENVY (TouchSmart) 100~15-j199 Notebook PC; Pavilion (TouchSmart) 14-n000~199 Notebook PC ; ENVY (TouchSmart) 14-k100~14-k199 Sleekbook; ENVY TouchSmart 14-k100~14-k199 Ultrabook; Specter x2 13-SMB Pro; Specter 13-h200~299 x2 PC; Pavilion 15-n200~299 (TouchSmart) Notebook PC; Pavilion 15-n300~399

Trust: 1.8

sources: NVD: CVE-2017-2751 // JVNDB: JVNDB-2018-013135 // VULHUB: VHN-110954 // VULMON: CVE-2017-2751

AFFECTED PRODUCTS

vendor:	hp	model:	compaq 14-h000	scope:	eq	version:	-	Trust: 1.6
vendor:	hp	model:	compaq cq45-900	scope:	eq	version:	-	Trust: 1.6
vendor:	hp	model:	compaq 14-s000	scope:	eq	version:	-	Trust: 1.6
vendor:	hp	model:	g14-a000	scope:	lt	version:	f.06	Trust: 1.0
vendor:	hp	model:	pavilion 15-n000	scope:	lt	version:	f.72	Trust: 1.0
vendor:	hp	model:	envy 100	scope:	lt	version:	f.22	Trust: 1.0
vendor:	hp	model:	246 g3	scope:	lt	version:	f.43	Trust: 1.0
vendor:	hp	model:	245 g1	scope:	lt	version:	f.48	Trust: 1.0
vendor:	hp	model:	15-r500	scope:	lt	version:	f.43	Trust: 1.0
vendor:	hp	model:	246	scope:	lt	version:	f.04	Trust: 1.0
vendor:	hp	model:	envy 17-j100 leap motion se	scope:	lt	version:	f.71	Trust: 1.0
vendor:	hp	model:	envy m6-n000	scope:	lt	version:	f.26	Trust: 1.0
vendor:	hp	model:	pavilion 10-f000	scope:	lt	version:	f.0e	Trust: 1.0
vendor:	hp	model:	pavilion 14-n000	scope:	lt	version:	f.72	Trust: 1.0
vendor:	hp	model:	pavilion 11-n000	scope:	lt	version:	f.2e	Trust: 1.0
vendor:	hp	model:	250 g1 notebook pc	scope:	lt	version:	f.47	Trust: 1.0
vendor:	hp	model:	pavilion 15-n200	scope:	lt	version:	f.72	Trust: 1.0
vendor:	hp	model:	envy 15-j100	scope:	lt	version:	f.71	Trust: 1.0
vendor:	hp	model:	15-r000	scope:	lt	version:	f.43	Trust: 1.0
vendor:	hp	model:	255 g3	scope:	lt	version:	f.45	Trust: 1.0
vendor:	hp	model:	240 g3	scope:	lt	version:	f.43	Trust: 1.0
vendor:	hp	model:	envy 15-j000	scope:	lt	version:	f.22	Trust: 1.0
vendor:	hp	model:	spectre x2 13-smb pro	scope:	lt	version:	f.25	Trust: 1.0
vendor:	hp	model:	spectre 13-h200	scope:	lt	version:	f.25	Trust: 1.0
vendor:	hp	model:	1000-1300	scope:	lt	version:	f.48	Trust: 1.0
vendor:	hp	model:	envy 14-k100	scope:	lt	version:	f.22	Trust: 1.0
vendor:	hp	model:	255 g1 notebook pc	scope:	lt	version:	f.47	Trust: 1.0
vendor:	hp	model:	pavilion 15-n300	scope:	lt	version:	f.72	Trust: 1.0
vendor:	hp	model:	240 g1	scope:	lt	version:	f.48	Trust: 1.0
vendor:	hp	model:	14-g000	scope:	lt	version:	f.45	Trust: 1.0
vendor:	hp	model:	14-r000	scope:	lt	version:	f.43	Trust: 1.0
vendor:	hp	model:	455	scope:	lt	version:	f.08	Trust: 1.0
vendor:	hp	model:	split 13-g200	scope:	lt	version:	f.25	Trust: 1.0
vendor:	hp	model:	envy 17 j100	scope:	lt	version:	f.71	Trust: 1.0
vendor:	hewlett packard	model:	hp 1000-1300	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp 240 g1	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp 245 g1	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp 246	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp 250 g1 notebook pc	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp 255 g1 notebook pc	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp 455	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp envy 15-j000	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp envy 15-j100	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	hp pavilion 15-n000	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-013135 // CNNVD: CNNVD-201810-122 // NVD: CVE-2017-2751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-2751
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-2751
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-122
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-110954
value:	LOW
Trust: 0.1
VULMON:	CVE-2017-2751
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-2751
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-110954
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-2751
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-110954 // VULMON: CVE-2017-2751 // JVNDB: JVNDB-2018-013135 // CNNVD: CNNVD-201810-122 // NVD: CVE-2017-2751

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-110954 // JVNDB: JVNDB-2018-013135 // NVD: CVE-2017-2751

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-122

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-122

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013135

PATCH

title:	c05913581	url:	https://support.hp.com/us-en/document/c05913581	Trust: 0.8
title:	Multiple HP Repair measures for notebook security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86095	Trust: 0.6
title:	HP: HPSBGN03575 rev. 1 - BIOS Password Extraction Vulnerability on Certain HP Notebooks	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBGN03575	Trust: 0.1
title:	HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBGN03575 rev. 1 - BIOS Password Extraction Vulnerability on Certain HP Notebooks	url:	https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=d33898d882b7769c704f65297e3a739e	Trust: 0.1
title:	-	url:	https://github.com/khulnasoft-labs/awesome-security	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1

sources: VULMON: CVE-2017-2751 // JVNDB: JVNDB-2018-013135 // CNNVD: CNNVD-201810-122

EXTERNAL IDS

db:	NVD	id:	CVE-2017-2751	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-013135	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-122	Trust: 0.7
db:	VULHUB	id:	VHN-110954	Trust: 0.1
db:	VULMON	id:	CVE-2017-2751	Trust: 0.1

sources: VULHUB: VHN-110954 // VULMON: CVE-2017-2751 // JVNDB: JVNDB-2018-013135 // CNNVD: CNNVD-201810-122 // NVD: CVE-2017-2751

REFERENCES

url:	https://support.hp.com/us-en/document/c05913581	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2751	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2751	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/nomi-sec/poc-in-github	Trust: 0.1

sources: VULHUB: VHN-110954 // VULMON: CVE-2017-2751 // JVNDB: JVNDB-2018-013135 // CNNVD: CNNVD-201810-122 // NVD: CVE-2017-2751

SOURCES

db:	VULHUB	id:	VHN-110954
db:	VULMON	id:	CVE-2017-2751
db:	JVNDB	id:	JVNDB-2018-013135
db:	CNNVD	id:	CNNVD-201810-122
db:	NVD	id:	CVE-2017-2751

LAST UPDATE DATE

2024-11-23T23:04:57.756000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-110954	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-2751	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013135	date:	2019-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201810-122	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-2751	date:	2024-11-21T03:24:07.027

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-110954	date:	2018-10-03T00:00:00
db:	VULMON	id:	CVE-2017-2751	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013135	date:	2019-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201810-122	date:	2018-10-08T00:00:00
db:	NVD	id:	CVE-2017-2751	date:	2018-10-03T20:29:07.067