CVE-2021-3439

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 91.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

159

HP 218 PRO G5 Microtower PC Firmware HP 240 G6 Firmware HP 240 G7 Firmware +156 more

Timeline

PublishedFeb 1

Description

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages159 packages

▶NVDhp/zbook_15v_g5_mobile_workstation_firmware< f.32

▶NVDhp/240_g6_firmware< f.50

▶NVDhp/240_g7_firmware< f.64

▶NVDhp/246_g6_firmware< f.50

▶NVDhp/246_g7_firmware< f.64

Patches

Patch: support.hp.com ↗Patch: support.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-fr5f-66rh-432p: HP has identified a potential vulnerability in BIOS firmware of some Workstation products↗2023-02-01

▶

CVEList

CVE-2021-3439: HP has identified a potential vulnerability in BIOS firmware of some Workstation products↗2023-01-30

▶