CVE-2024-5477

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability.

CVSS

No CVSS.

References

Link	Resource
https://support.hp.com/us-en/document/ish_12878449-12878471-16/hpsbhf04043

Configurations

No configuration.

History

14 Aug 2025, 13:12

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una posible vulnerabilidad de seguridad en el BIOS del sistema de algunos productos HP PC. Esta vulnerabilidad podría permitir la escalada de privilegios, la ejecución de código arbitrario, la denegación de servicio o la divulgación de información mediante un ataque físico que requiere equipo y conocimientos especializados. HP está lanzando una solución de mitigación de firmware para esta posible vulnerabilidad.

13 Aug 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-13 18:15

Updated : 2025-08-14 13:12

NVD link : CVE-2024-5477

Mitre link : CVE-2024-5477

CVE.ORG link : CVE-2024-5477

JSON object : View

Products Affected

No product.

CWE

CWE-1256

Improper Restriction of Software Interfaces to Hardware Features

{"id": "CVE-2024-5477", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-13T18:15:28.743", "references": [{"url": "https://support.hp.com/us-en/document/ish_12878449-12878471-16/hpsbhf04043", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-1256"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en el BIOS del sistema de algunos productos HP PC. Esta vulnerabilidad podr\u00eda permitir la escalada de privilegios, la ejecuci\u00f3n de c\u00f3digo arbitrario, la denegaci\u00f3n de servicio o la divulgaci\u00f3n de informaci\u00f3n mediante un ataque f\u00edsico que requiere equipo y conocimientos especializados. HP est\u00e1 lanzando una soluci\u00f3n de mitigaci\u00f3n de firmware para esta posible vulnerabilidad."}], "lastModified": "2025-08-14T13:12:09.870", "sourceIdentifier": "hp-security-alert@hp.com"}