Skip to main content

260 G1 Dm Firmware CVE-2019-16284

HIGH
2019-11-05 hp-security-alert@hp.com
HP RCE 260 G1 Dm Firmware 280 Pro G1 Firmware 285 G2 Firmware 340 G3 Firmware 340 G4 Firmware 346 G3 Firmware 346 G4 Firmware 348 G3 Firmware 348 G4 Firmware Elite Slice Firmware Elite X2 1011 G1 Firmware Elite X2 1012 G1 Firmware Elitebook 1030 G1 Firmware Elitebook 1040 G2 Firmware Elitebook 720 G1 Firmware Elitebook 720 G2 Firmware Elitebook 740 G1 Firmware Elitebook 740 G2 Firmware Elitebook 750 G1 Firmware Elitebook 750 G2 Firmware Elitebook 820 G1 Firmware Elitebook 820 G2 Firmware Elitebook 820 G3 Firmware Elitebook 828 G3 Firmware Elitebook 840 G1 Firmware Elitebook 840 G2 Firmware Elitebook 840 G3 Firmware Elitebook 848 G3 Firmware Elitebook 850 G1 Firmware Elitebook 850 G2 Firmware Elitebook 850 G3 Firmware Elitebook Folio 1020 G1 Firmware Elitebook Folio 1040 G1 Firmware Elitebook Folio 1040 G3 Firmware Elitebook Folio 9480M Firmware Elitebook Folio G1 Firmware Elitebook Revolve 810 G2 Firmware Elitebook Revolve 810 G3 Firmware Elitedesk 800 G2 Dm Firmware Elitedesk 800 G2 Sff Firmware Elitedesk 800 G2 Twr Firmware Eliteone 800 G2 Aio Firmware Elitepad 1000 G2 Firmware Mp9 G2 Retail System Firmware Pro Tablet 10 Ee G1 Firmware Pro Tablet 608 G1 Firmware Pro Tablet 610 G1 Firmware Pro X2 612 G1 Firmware Probook 11 G1 Firmware Probook 11 G2 Firmware Probook 430 G1 Firmware Probook 430 G2 Firmware Probook 430 G3 Firmware Probook 440 G1 Firmware Probook 440 G2 Firmware Probook 440 G3 Firmware Probook 450 G1 Firmware Probook 450 G2 Firmware Probook 450 G3 Firmware Probook 470 G1 Firmware Probook 470 G2 Firmware Probook 470 G3 Firmware Probook 640 G1 Firmware Probook 640 G2 Firmware Probook 650 G1 Firmware Probook 650 G2 Firmware Probook X360 11 G1 Firmware Prodesk 400 G1 Dm Firmware Prodesk 400 G2 Dm Firmware Prodesk 400 G2 5 Sff Firmware Prodesk 400 G3 Sff Firmware Prodesk 405 G2 Mt Firmware Prodesk 485 G2 Mt Firmware Prodesk 480 G3 Sff Firmware Prodesk 490 G2 Mt Firmware Prodesk 490 G3 Sff Firmware Prodesk 498 G2 Mt Firmware Prodesk 498 G3 Sff Firmware Prodesk 600 G2 Dm Firmware Prodesk 600 G2 Sff Firmware Proone 400 G2 Aio Firmware Proone 600 G2 Aio Firmware Rp2 Retail System Firmware Rp9 G1 Retail System 9015 Firmware Rp9 G1 Retail System 9018 Firmware Zbook 14 G2 Firmware Zbook 14 Firmware Zbook 15 G2 Firmware Zbook 15 G3 Firmware Zbook 15 Firmware Zbook 15U G2 Firmware Zbook 15U G3 Firmware Zbook 17 G2 Firmware Zbook 17 G3 Firmware Zbook 17 Firmware Zbook Studio G3 Firmware Z1 G3 Firmware Z2 Mini G3 Firmware Z238 Microtower Firmware Z240 Sff Firmware Z240 Tower Firmware Sprout Pro Firmware
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 05, 2019 - 21:15 nvd
HIGH 7.2

DescriptionNVD

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.

AnalysisAI

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250. Affected products include: Hp 260 G1 Dm Firmware, Hp 280 Pro G1 Firmware, Hp 285 G2 Firmware, Hp 340 G3 Firmware, Hp 340 G4 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2019-16284 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy