CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are releasing firmware to mitigate these vulnerabilities.
AMI and Insyde have released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the affected platforms listed below.
Vendor | Product | Version | CPE |
---|---|---|---|
hp | 340_g4_firmware | * | cpe:2.3:o:hp:340_g4_firmware:*:*:*:*:*:*:*:* |
hp | 348_g4_firmware | * | cpe:2.3:o:hp:348_g4_firmware:*:*:*:*:*:*:*:* |
hp | 218_pro_g5_mt_firmware | * | cpe:2.3:o:hp:218_pro_g5_mt_firmware:*:*:*:*:*:*:*:* |
hp | 260_g2_desktop_mini_firmware | * | cpe:2.3:o:hp:260_g2_desktop_mini_firmware:*:*:*:*:*:*:*:* |
hp | 260_g3_desktop_mini_pc_firmware | * | cpe:2.3:o:hp:260_g3_desktop_mini_pc_firmware:*:*:*:*:*:*:*:* |
hp | 260_g4_desktop_mini_pc_firmware | * | cpe:2.3:o:hp:260_g4_desktop_mini_pc_firmware:*:*:*:*:*:*:*:* |
hp | 280_g3_microtower_pc_firmware | * | cpe:2.3:o:hp:280_g3_microtower_pc_firmware:*:*:*:*:*:*:*:* |
hp | 280_g3_pci_microtower_pc_firmware | * | cpe:2.3:o:hp:280_g3_pci_microtower_pc_firmware:*:*:*:*:*:*:*:* |
hp | 288_pro_g3_microtower_pc_firmware | * | cpe:2.3:o:hp:288_pro_g3_microtower_pc_firmware:*:*:*:*:*:*:*:* |
hp | 290_g1_microtower_pc_firmware | * | cpe:2.3:o:hp:290_g1_microtower_pc_firmware:*:*:*:*:*:*:*:* |