CVE-2019-6321

CWE-6673 documents3 sources

Severity

7.2HIGH

EPSS

0.4%

top 41.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Z4 G4 Core-x Workstation Firmware HP Z4 G4 Workstation Firmware HP Z6 G4 Workstation Firmware +1 more

Timeline

PublishedMay 29

Latest updateMay 24

Description

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages12 packages

▶NVDhp/z4_g4_workstation_firmware< 1.70

▶NVDhp/z6_g4_workstation_firmware< 1.71

▶NVDhp/z8_g4_workstation_firmware< 1.71

▶NVDhp/z4_g4_core-x_workstation_firmware< 1.70

▶CVEListV5hp_z6_g4_workstationbefore 1.71

Patches

Patch: support.hp.com ↗Patch: support.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-9c6c-jqh5-vqv4: HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with i↗2022-05-24

▶

CVEList

CVE-2019-6321: HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with i↗2019-05-29

▶