NVD:CVE-2023-26299
Jun 30, 2023 - 4:15 p.m.

CVE-2023-26299

2023-06-30 16:15:09
CWE-367
web.nvd.nist.gov
hp, pc, toctou, vulnerability, ami, uefi, firmware, bios, arbitrary code execution, update, mitigation

CVSS3: 7 High
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 5.1%

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

Affected configurations

NVD
Node: hp 260_g4_desktop_mini (Match -) AND hp 260_g4_desktop_mini_firmware (Range <2.14)
Node: hp t430 (Match -) AND hp t430_firmware (Range <00.01.11)
Node: hp t628 (Match -) AND hp t628_firmware (Range <00.01.10)
Node: hp 240_g10 (Match -) AND hp 240_g10_firmware (Range <f.04)
Node: hp 245_g6 (Match -) AND hp 245_g6_firmware (Range <f.35)
Node: hp 245_g7 (Match -) AND hp 245_g7_firmware (Range <f.69)
Node: hp 245_g8 (Match -) AND hp 245_g8_firmware (Range <f.25)
Node: hp 247_g8 (Match -) AND hp 247_g8_firmware (Range <f.69)
Node: hp 250_g10_firmware (Range <f.05) AND hp 250_g10 (Match -)
Node: hp 255_g10_firmware (Range <f.08) AND hp 255_g10 (Match -)
Node: hp 349_g7_firmware (Range <f.28) AND hp 349_g7 (Match -)
Node: hp 470_g10_firmware (Range <f.02) AND hp 470_g10 (Match -)
Node: hp 470_g9_firmware (Range <f.05) AND hp 470_g9 (Match -)
Node: hp zhan_99_g2_firmware (Range <f.24) AND hp zhan_99_g2 (Match -)
Node: hp zhan_99_g4_firmware (Range <f.08) AND hp zhan_99_g4 (Match -)
Node: hp vr_backpack_g2_firmware (Range <f.28) AND hp vr_backpack_g2 (Match -)
Node: hp 200_g3_firmware (Match -) AND hp 200_g3 (Match -)
Node: hp 200_g4_22_all-in-one_firmware (Match -) AND hp 200_g4_22_all-in-one (Match -)
Node: hp 200_pro_g4_22_all-in-one_firmware (Match -) AND hp 200_pro_g4_22_all-in-one (Match -)
Node: hp 205_g4_22_all-in-one_firmware (Match -) AND hp 205_g4_22_all-in-one (Match -)
Node: hp 205_pro_g4_22_all-in-one_firmware (Match -) AND hp 205_pro_g4_22_all-in-one (Match -)
Node: hp 280_g3_firmware (Match -) AND hp 280_g3 (Match -)
Node: hp 280_g4_firmware (Match -) AND hp 280_g4 (Match -)
Node: hp 280_g4_microtower_firmware (Match -) AND hp 280_g4_microtower (Match -)
Node: hp 280_g5_firmware (Match -) AND hp 280_g5 (Match -)
Node: hp 280_g5_small_form_factor_firmware (Match -) AND hp 280_g5_small_form_factor (Match -)
Node: hp 280_g6_firmware (Match -) AND hp 280_g6 (Match -)
Node: hp 280_g8_microtower_firmware (Match -) AND hp 280_g8_microtower (Match -)
Node: hp 280_pro_g3_firmware (Match -) AND hp 280_pro_g3 (Match -)
Node: hp 280_pro_g4_microtower_firmware (Match -) AND hp 280_pro_g4_microtower (Match -)
Node: hp 280_pro_g5_small_form_factor_firmware (Match -) AND hp 280_pro_g5_small_form_factor (Match -)
Node: hp 282_g5_firmware (Match -) AND hp 282_g5 (Match -)
Node: hp 282_g6_firmware (Match -) AND hp 282_g6 (Match -)
Node: hp 282_pro_g4_microtower_firmware (Match -) AND hp 282_pro_g4_microtower (Match -)
Node: hp 288_g5_firmware (Match -) AND hp 288_g5 (Match -)
Node: hp 288_g6_firmware (Match -) AND hp 288_g6 (Match -)
Node: hp 288_pro_g4_microtower_firmware (Match -) AND hp 288_pro_g4_microtower (Match -)
Node: hp 290_g1_firmware (Match -) AND hp 290_g1 (Match -)
Node: hp 290_g2_firmware (Match -) AND hp 290_g2 (Match -)
Node: hp 290_g2_microtower_firmware (Match -) AND hp 290_g2_microtower (Match -)
Node: hp 290_g3_firmware (Match -) AND hp 290_g3 (Match -)
Node: hp 290_g3_small_form_factor_firmware (Match -) AND hp 290_g3_small_form_factor (Match -)
Node: hp 290_g4_firmware (Match -) AND hp 290_g4 (Match -)
Node: hp desktop_pro_g1_microtower_firmware (Match -) AND hp desktop_pro_g1_microtower (Match -)
Node: hp pro_small_form_factor_280_g9_desktop_firmware (Match -) AND hp pro_small_form_factor_280_g9_desktop (Match -)
Node: hp pro_small_form_factor_290_g9_desktop_firmware (Match -) AND hp pro_small_form_factor_290_g9_desktop (Match -)
Node: hp pro_small_form_factor_zhan_66_g9_desktop_firmware (Match -) AND hp pro_small_form_factor_zhan_66_g9_desktop (Match -)
Node: hp pro_tower_200_g9_desktop_firmware (Match -) AND hp pro_tower_200_g9_desktop (Match -)
Node: hp pro_tower_280_g9_desktop_firmware (Match -) AND hp pro_tower_280_g9_desktop (Match -)
Node: hp pro_tower_290_g9_desktop_firmware (Match -) AND hp pro_tower_290_g9_desktop (Match -)
Node: hp pro_tower_zhan_99_g9_desktop_firmware (Match -) AND hp pro_tower_zhan_99_g9_desktop (Match -)
Node: hp proone_240_g10_firmware (Match -) AND hp proone_240_g10 (Match -)
Node: hp proone_240_g9_firmware (Match -) AND hp proone_240_g9 (Match -)
Node: hp proone_440_g3_firmware (Match -) AND hp proone_440_g3 (Match -)
Node: hp proone_490_g3_firmware (Match -) AND hp proone_490_g3 (Match -)
Node: hp proone_496_g3_firmware (Match -) AND hp proone_496_g3 (Match -)
Node: hp z_vr_backpack_g1_workstation_firmware (Match -) AND hp z_vr_backpack_g1_workstation (Match -)
Node: hp zhan_86_pro_g2_microtower_firmware (Match -) AND hp zhan_86_pro_g2_microtower (Match -)
Node: hp zhan_99_pro_g1_microtower_firmware (Match -) AND hp zhan_99_pro_g1_microtower (Match -)
