HP Product Security Response TeamHPSBHF03873HP t430 and t638 Thin Clients - Firmware Tampering Vulnerability
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
21.5%
HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.
HP recommends that customers implement these recommendations to mitigate their exposure to the identified vulnerability.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| hp | t430_thin_client_firmware | * | cpe:2.3:o:hp:t430_thin_client_firmware:*:*:*:*:*:*:*:* |
| hp | n44_bios_firmware | * | cpe:2.3:a:hp:n44_bios_firmware:*:*:*:*:*:*:*:* |
| hp | t638_thin_client_firmware | * | cpe:2.3:o:hp:t638_thin_client_firmware:*:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
21.5%