CVE-2019-18913
Base score: 6.8
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 5.9
Source: NVD
Description
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).
Affected (33)
Products: HP: Elitedesk 800 G5 Dm Firmware, Elitedesk 800 G5 Sff Firmware, Elitedesk 800 G5 Twr Firmware, Eliteone 800 G5 Aio Firmware, Prodesk 400 G5 Dm Firmware, Prodesk 400 G6 Mt Firmware, Prodesk 400 G6 Sff Firmware, Prodesk 480 G6 Mt Firmware, Prodesk 600 G5 Dm Firmware, Prodesk 600 G5 Mt Firmware, Prodesk 600 G5 Pci Mt Firmware, Prodesk 600 G5 Sff Firmware, Proone 400 G5 Aio Firmware, Proone 440 G5 Aio Firmware, Proone 600 G5 Aio Firmware, Elite Dragonfly Firmware, Elite X2 G4 Firmware, Elitebook 830 G6 Firmware, Elitebook 836 G6 Firmware, Elitebook 840 G6 Firmware, Elitebook 840 G6 Healthcare Edition Firmware, Elitebook 846 G6 Firmware, Elitebook 846 G6 Healthcare Edition Firmware, Elitebook 850 G6 Firmware, Elitebook X360 1030 G4 Firmware, Elitebook X360 1040 G6 Firmware, Elitebook X360 830 G6 Firmware, Probook 640 G5 Firmware, Probook 650 G5 Firmware, Zbook 14u G6 Mobile Workstation Firmware, Zbook 15u G6 Mobile Workstation Firmware, Zhan X 13 G2 Firmware, Zbook 17u G6 Mobile Workstation Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitedesk 800 G5 Dm | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitedesk 800 G5 Sff | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitedesk 800 G5 Twr | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Eliteone 800 G5 Aio | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Prodesk 400 G5 Dm | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Prodesk 400 G6 Mt | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Prodesk 400 G6 Sff | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Prodesk 480 G6 Mt | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Prodesk 600 G5 Dm | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Prodesk 600 G5 Mt | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Prodesk 600 G5 Pci Mt | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Prodesk 600 G5 Sff | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Proone 400 G5 Aio | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Proone 440 G5 Aio | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 02.04.01 |

| Running on/with | Platform Versions |
|---|---|
| HP Proone 600 G5 Aio | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elite Dragonfly | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elite X2 G4 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook 830 G6 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook 836 G6 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook 840 G6 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook 840 G6 Healthcare Edition | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook 846 G6 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook 846 G6 Healthcare Edition | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook 850 G6 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook X360 1030 G4 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook X360 1040 G6 | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Elitebook X360 830 G6 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Probook 640 G5 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Probook 650 G5 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Zbook 14u G6 Mobile Workstation | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Zbook 15u G6 Mobile Workstation | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Zhan X 13 G2 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 01.04.02 |

| Running on/with | Platform Versions |
|---|---|
| HP Zbook 17u G6 Mobile Workstation | All versions |
References (2)
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Vendor Advisory