← Back

CVE-2023-26299

nvd nist
Published: Jun 30, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

Affected (59)

Products: Hp: 260 G4 Desktop Mini Firmware, T430 Firmware, T628 Firmware, 240 G10 Firmware, 245 G6 Firmware, 245 G7 Firmware, 245 G8 Firmware, 247 G8 Firmware, 250 G10 Firmware, 255 G10 Firmware, 349 G7 Firmware, 470 G10 Firmware, 470 G9 Firmware, Zhan 99 G2 Firmware, Zhan 99 G4 Firmware, Vr Backpack G2 Firmware, 200 G3 Firmware, 200 G4 22 All In One Firmware, 200 Pro G4 22 All In One Firmware, 205 G4 22 All In One Firmware, 205 Pro G4 22 All In One Firmware, 280 G3 Firmware, 280 G4 Firmware, 280 G4 Microtower Firmware, 280 G5 Firmware, 280 G5 Small Form Factor Firmware, 280 G6 Firmware, 280 G8 Microtower Firmware, 280 Pro G3 Firmware, 280 Pro G4 Microtower Firmware, 280 Pro G5 Small Form Factor Firmware, 282 G5 Firmware, 282 G6 Firmware, 282 Pro G4 Microtower Firmware, 288 G5 Firmware, 288 G6 Firmware, 288 Pro G4 Microtower Firmware, 290 G1 Firmware, 290 G2 Firmware, 290 G2 Microtower Firmware, 290 G3 Firmware, 290 G3 Small Form Factor Firmware, 290 G4 Firmware, Desktop Pro G1 Microtower Firmware, Pro Small Form Factor 280 G9 Desktop Firmware, Pro Small Form Factor 290 G9 Desktop Firmware, Pro Small Form Factor Zhan 66 G9 Desktop Firmware, Pro Tower 200 G9 Desktop Firmware, Pro Tower 280 G9 Desktop Firmware, Pro Tower 290 G9 Desktop Firmware, Pro Tower Zhan 99 G9 Desktop Firmware, Proone 240 G10 Firmware, Proone 240 G9 Firmware, Proone 440 G3 Firmware, Proone 490 G3 Firmware, Proone 496 G3 Firmware, Z Vr Backpack G1 Workstation Firmware, Zhan 86 Pro G2 Microtower Firmware, Zhan 99 Pro G1 Microtower Firmware
Hp
59 products
260 G4 Desktop Mini Firmware
T430 Firmware
T628 Firmware
240 G10 Firmware
245 G6 Firmware
245 G7 Firmware
245 G8 Firmware
247 G8 Firmware
250 G10 Firmware
255 G10 Firmware
349 G7 Firmware
470 G10 Firmware
470 G9 Firmware
Zhan 99 G2 Firmware
Zhan 99 G4 Firmware
Vr Backpack G2 Firmware
200 G3 Firmware
200 G4 22 All In One Firmware
200 Pro G4 22 All In One Firmware
205 G4 22 All In One Firmware
205 Pro G4 22 All In One Firmware
280 G3 Firmware
280 G4 Firmware
280 G4 Microtower Firmware
280 G5 Firmware
280 G5 Small Form Factor Firmware
280 G6 Firmware
280 G8 Microtower Firmware
280 Pro G3 Firmware
280 Pro G4 Microtower Firmware
280 Pro G5 Small Form Factor Firmware
282 G5 Firmware
282 G6 Firmware
282 Pro G4 Microtower Firmware
288 G5 Firmware
288 G6 Firmware
288 Pro G4 Microtower Firmware
290 G1 Firmware
290 G2 Firmware
290 G2 Microtower Firmware
290 G3 Firmware
290 G3 Small Form Factor Firmware
290 G4 Firmware
Desktop Pro G1 Microtower Firmware
Pro Small Form Factor 280 G9 Desktop Firmware
Pro Small Form Factor 290 G9 Desktop Firmware
Pro Small Form Factor Zhan 66 G9 Desktop Firmware
Pro Tower 200 G9 Desktop Firmware
Pro Tower 280 G9 Desktop Firmware
Pro Tower 290 G9 Desktop Firmware
Pro Tower Zhan 99 G9 Desktop Firmware
Proone 240 G10 Firmware
Proone 240 G9 Firmware
Proone 440 G3 Firmware
Proone 490 G3 Firmware
Proone 496 G3 Firmware
Z Vr Backpack G1 Workstation Firmware
Zhan 86 Pro G2 Microtower Firmware
Zhan 99 Pro G1 Microtower Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
260 G4 Desktop Mini Firmware
Before 2.14
Running on/withPlatform Versions
Hp
260 G4 Desktop Mini
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
T430 Firmware
Before 00.01.11
Running on/withPlatform Versions
Hp
T430
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
T628 Firmware
Before 00.01.10
Running on/withPlatform Versions
Hp
T628
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
240 G10 Firmware
Before f.04
Running on/withPlatform Versions
Hp
240 G10
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
245 G6 Firmware
Before f.35
Running on/withPlatform Versions
Hp
245 G6
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
245 G7 Firmware
Before f.69
Running on/withPlatform Versions
Hp
245 G7
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
245 G8 Firmware
Before f.25
Running on/withPlatform Versions
Hp
245 G8
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
247 G8 Firmware
Before f.69
Running on/withPlatform Versions
Hp
247 G8
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
250 G10 Firmware
Before f.05
Running on/withPlatform Versions
Hp
250 G10
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
255 G10 Firmware
Before f.08
Running on/withPlatform Versions
Hp
255 G10
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
349 G7 Firmware
Before f.28
Running on/withPlatform Versions
Hp
349 G7
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
470 G10 Firmware
Before f.02
Running on/withPlatform Versions
Hp
470 G10
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
470 G9 Firmware
Before f.05
Running on/withPlatform Versions
Hp
470 G9
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zhan 99 G2 Firmware
Before f.24
Running on/withPlatform Versions
Hp
Zhan 99 G2
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zhan 99 G4 Firmware
Before f.08
Running on/withPlatform Versions
Hp
Zhan 99 G4
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vr Backpack G2 Firmware
Before f.28
Running on/withPlatform Versions
Hp
Vr Backpack G2
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
200 G3 Firmware
All versions
Running on/withPlatform Versions
Hp
200 G3
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
200 G4 22 All In One Firmware
All versions
Running on/withPlatform Versions
Hp
200 G4 22 All In One
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
200 Pro G4 22 All In One Firmware
All versions
Running on/withPlatform Versions
Hp
200 Pro G4 22 All In One
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
205 G4 22 All In One Firmware
All versions
Running on/withPlatform Versions
Hp
205 G4 22 All In One
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
205 Pro G4 22 All In One Firmware
All versions
Running on/withPlatform Versions
Hp
205 Pro G4 22 All In One
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 G3 Firmware
All versions
Running on/withPlatform Versions
Hp
280 G3
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 G4 Firmware
All versions
Running on/withPlatform Versions
Hp
280 G4
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 G4 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
280 G4 Microtower
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 G5 Firmware
All versions
Running on/withPlatform Versions
Hp
280 G5
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 G5 Small Form Factor Firmware
All versions
Running on/withPlatform Versions
Hp
280 G5 Small Form Factor
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 G6 Firmware
All versions
Running on/withPlatform Versions
Hp
280 G6
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 G8 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
280 G8 Microtower
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 Pro G3 Firmware
All versions
Running on/withPlatform Versions
Hp
280 Pro G3
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 Pro G4 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
280 Pro G4 Microtower
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
280 Pro G5 Small Form Factor Firmware
All versions
Running on/withPlatform Versions
Hp
280 Pro G5 Small Form Factor
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
282 G5 Firmware
All versions
Running on/withPlatform Versions
Hp
282 G5
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
282 G6 Firmware
All versions
Running on/withPlatform Versions
Hp
282 G6
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
282 Pro G4 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
282 Pro G4 Microtower
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
288 G5 Firmware
All versions
Running on/withPlatform Versions
Hp
288 G5
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
288 G6 Firmware
All versions
Running on/withPlatform Versions
Hp
288 G6
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
288 Pro G4 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
288 Pro G4 Microtower
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
290 G1 Firmware
All versions
Running on/withPlatform Versions
Hp
290 G1
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
290 G2 Firmware
All versions
Running on/withPlatform Versions
Hp
290 G2
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
290 G2 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
290 G2 Microtower
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
290 G3 Firmware
All versions
Running on/withPlatform Versions
Hp
290 G3
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
290 G3 Small Form Factor Firmware
All versions
Running on/withPlatform Versions
Hp
290 G3 Small Form Factor
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
290 G4 Firmware
All versions
Running on/withPlatform Versions
Hp
290 G4
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Desktop Pro G1 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
Desktop Pro G1 Microtower
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Small Form Factor 280 G9 Desktop Firmware
All versions
Running on/withPlatform Versions
Hp
Pro Small Form Factor 280 G9 Desktop
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Small Form Factor 290 G9 Desktop Firmware
All versions
Running on/withPlatform Versions
Hp
Pro Small Form Factor 290 G9 Desktop
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Small Form Factor Zhan 66 G9 Desktop Firmware
All versions
Running on/withPlatform Versions
Hp
Pro Small Form Factor Zhan 66 G9 Desktop
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Tower 200 G9 Desktop Firmware
All versions
Running on/withPlatform Versions
Hp
Pro Tower 200 G9 Desktop
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Tower 280 G9 Desktop Firmware
All versions
Running on/withPlatform Versions
Hp
Pro Tower 280 G9 Desktop
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Tower 290 G9 Desktop Firmware
All versions
Running on/withPlatform Versions
Hp
Pro Tower 290 G9 Desktop
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pro Tower Zhan 99 G9 Desktop Firmware
All versions
Running on/withPlatform Versions
Hp
Pro Tower Zhan 99 G9 Desktop
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Proone 240 G10 Firmware
All versions
Running on/withPlatform Versions
Hp
Proone 240 G10
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Proone 240 G9 Firmware
All versions
Running on/withPlatform Versions
Hp
Proone 240 G9
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Proone 440 G3 Firmware
All versions
Running on/withPlatform Versions
Hp
Proone 440 G3
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Proone 490 G3 Firmware
All versions
Running on/withPlatform Versions
Hp
Proone 490 G3
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Proone 496 G3 Firmware
All versions
Running on/withPlatform Versions
Hp
Proone 496 G3
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Z Vr Backpack G1 Workstation Firmware
All versions
Running on/withPlatform Versions
Hp
Z Vr Backpack G1 Workstation
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zhan 86 Pro G2 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
Zhan 86 Pro G2 Microtower
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zhan 99 Pro G1 Microtower Firmware
All versions
Running on/withPlatform Versions
Hp
Zhan 99 Pro G1 Microtower
All versions

Related CWEs

CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (2)

Source: hp-security-alert@hp.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.