CVE-2021-3661

Published: Dec 12, 2022Modified: Apr 29, 2025

8.4

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.5 / Impact: 5.9

Source: NVD

Description

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

Affected (20)

Products: Hp: Z1 All In One G3 Firmware, Z2 Mini G3 Firmware, Z2 Mini G4 Firmware, Z2 Mini G5 Firmware, Z2 Small Form Factor G4 Firmware, Z2 Small Form Factor G5 Firmware, Z2 Small Form Factor G8 Firmware, Z2 Tower G4 Firmware, Z2 Tower G5 Firmware, Z2 Tower G8 Firmware, Z238 Microtower Firmware, Z240 Small Form Factor Firmware, Z240 Tower Firmware, Z4 G4 Firmware, Z440 Firmware, Z6 G4 Firmware, Z640 Firmware, Z8 G4 Firmware, Z840 Firmware, Zcentral 4r Firmware

20 products

Z1 All In One G3 Firmware

Z2 Mini G3 Firmware

Z2 Mini G4 Firmware

Z2 Mini G5 Firmware

Z2 Small Form Factor G4 Firmware

Z2 Small Form Factor G5 Firmware

Z2 Small Form Factor G8 Firmware

Z2 Tower G4 Firmware

Z2 Tower G5 Firmware

Z2 Tower G8 Firmware

Z238 Microtower Firmware

Z240 Small Form Factor Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z1 All In One G3 Firmware	Version 01.31

Running on/with	Platform Versions
Hp Z1 All In One G3	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Mini G3 Firmware	Version 01.83

Running on/with	Platform Versions
Hp Z2 Mini G3	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Mini G4 Firmware	Version 01.08.01

Running on/with	Platform Versions
Hp Z2 Mini G4	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Mini G5 Firmware	Version 01.03.00_rev_a

Running on/with	Platform Versions
Hp Z2 Mini G5	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Small Form Factor G4 Firmware	Version 01.08.01

Running on/with	Platform Versions
Hp Z2 Small Form Factor G4	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Small Form Factor G5 Firmware	Version 01.03.00_rev_a

Running on/with	Platform Versions
Hp Z2 Small Form Factor G5	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Small Form Factor G8 Firmware	Version 01.03.00_rev_a

Running on/with	Platform Versions
Hp Z2 Small Form Factor G8	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Tower G4 Firmware	Version 01.08.01

Running on/with	Platform Versions
Hp Z2 Tower G4	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Tower G5 Firmware	Version 01.03.00_rev_a

Running on/with	Platform Versions
Hp Z2 Tower G5	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z2 Tower G8 Firmware	Version 01.03.00_rev_a

Running on/with	Platform Versions
Hp Z2 Tower G8	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z238 Microtower Firmware	Version 01.83

Running on/with	Platform Versions
Hp Z238 Microtower	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z240 Small Form Factor Firmware	Version 01.83

Running on/with	Platform Versions
Hp Z240 Small Form Factor	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z240 Tower Firmware	Version 01.83

Running on/with	Platform Versions
Hp Z240 Tower	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z4 G4 Firmware	Version 02.75

Running on/with	Platform Versions
Hp Z4 G4	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z440 Firmware	Version 2.58

Running on/with	Platform Versions
Hp Z440	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z6 G4 Firmware	Version 02.75

Running on/with	Platform Versions
Hp Z6 G4	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z640 Firmware	Version 2.58

Running on/with	Platform Versions
Hp Z640	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z8 G4 Firmware	Version 02.75

Running on/with	Platform Versions
Hp Z8 G4	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Z840 Firmware	Version 2.58

Running on/with	Platform Versions
Hp Z840	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hp Zcentral 4r Firmware	Version 01.18

Running on/with	Platform Versions
Hp Zcentral 4r	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770

Source: hp-security-alert@hp.com

Vendor Advisory

https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.