Lucene search

PRIOn knowledge basePRION:CVE-2023-26299

HistoryJun 30, 2023 - 4:15 p.m.

Design/Logic Flaw

2023-06-3016:15:00

PRIOn knowledge base

www.prio-n.com

toctou vulnerability

hp pc products

ami uefi firmware

arbitrary code execution

nvd

logic flaw

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

CPENameOperatorVersion
240_g10_firmwareeq< f.4
245_g6_firmwareeq< f.35
245_g7_firmwareeq< f.69
245_g8_firmwareeq< f.25
247_g8_firmwareeq< f.69
250_g10_firmwareeq< f.5
255_g10_firmwareeq< f.8
260_g4_desktop_mini_firmwarelt2.14
349_g7_firmwareeq< f.28
470_g10_firmwareeq< f.2

Name	Operator	Version
240_g10_firmware	eq	< f.4
245_g6_firmware	eq	< f.35
245_g7_firmware	eq	< f.69
245_g8_firmware	eq	< f.25
247_g8_firmware	eq	< f.69
250_g10_firmware	eq	< f.5
255_g10_firmware	eq	< f.8
260_g4_desktop_mini_firmware	lt	2.14
349_g7_firmware	eq	< f.28
470_g10_firmware	eq	< f.2

Rows per page:

1-10 of 161

References

support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for PRION:CVE-2023-26299