CVE-2021-39300

3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 81.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

187

HP Elite Dragonfly Firmware HP Elite Dragonfly G2 Firmware HP Elite Dragonfly MAX Firmware +184 more

Timeline

PublishedFeb 16

Latest updateFeb 17

Description

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages187 packages

▶NVDhp/elite_x2_g4_firmware< 01.12.00

▶NVDhp/zbook_15_g5_firmware< 01.19.00

▶NVDhp/zbook_15_g6_firmware< 01.12.00

▶NVDhp/zbook_17_g5_firmware< 01.19.00

▶NVDhp/zbook_17_g6_firmware< 01.12.00

Patches

Patch: support.hp.com ↗Patch: support.hp.com ↗

🔴Vulnerability Details

GHSA

GHSA-mrxw-5mv6-xrf2: Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code↗2022-02-17

▶

CVEList

CVE-2021-39300: Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code↗2022-02-16

▶