CVE-2019-16284

3 documents3 sources

Severity

7.2HIGH

EPSS

0.3%

top 46.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

103

HP 260 G1 DM Firmware HP 280 PRO G1 Firmware HP 285 G2 Firmware +100 more

Timeline

PublishedNov 5

Latest updateMay 24

Description

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages103 packages

▶CVEListV5hp_inc./multiple_-_see_https://support.hp.com/rs-en/document/c06456250Multiple - See https://support.hp.com/rs-en/document/c06456250

▶NVDhp/rp2_retail_system_firmware< 2.21

▶NVDhp/mp9_g2_retail_system_firmware< 2.42

▶NVDhp/rp9_g1_retail_system_9015_firmware< 2.42

▶NVDhp/rp9_g1_retail_system_9018_firmware< 2.42

🔴Vulnerability Details

GHSA

GHSA-8x49-r627-jgw5: A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during↗2022-05-24

▶

CVEList

CVE-2019-16284: A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during↗2019-11-05

▶