CVE-2024-5477

High CVSS 7.3

Overview

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability.

CWE: CWE-1256 Published: 2025-08-13T18:15:28.743

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.3 (HIGH)
Detected tags: dos, info_leak, rce (tag impact: VERY HIGH)

Recommended actions:

Rate limiting, resource quotas and circuit breakers.
Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags