CVE-2021-39301

3 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 81.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
187
HP Elite Dragonfly FirmwareHP Elite Dragonfly G2 FirmwareHP Elite Dragonfly MAX Firmware+184 more
Timeline
PublishedFeb 16
Latest updateFeb 17

Description

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages187 packages

NVDhp/elite_x2_g4_firmware< 01.12.00
NVDhp/zbook_15_g5_firmware< 01.19.00
NVDhp/zbook_15_g6_firmware< 01.12.00
NVDhp/zbook_17_g5_firmware< 01.19.00
NVDhp/zbook_17_g6_firmware< 01.12.00

Patches

Patch: support.hp.comPatch: support.hp.com

🔴Vulnerability Details

2
GHSA
GHSA-rgq8-2gp9-h88f: Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code2022-02-17
CVEList
CVE-2021-39301: Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code2022-02-16
CVE-2021-39301 (HIGH CVSS 8.8) | Potential vulnerabilities have been | cvebase.io