CVE-2023-26300 — HP 200 G4 22 All-in-one PC Firmware vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 66.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP 200 G4 22 All-in-one PC Firmware HP 200 PRO G4 22 All-in-one PC Firmware HP 205 G4 22 All-in-one PC Firmware +62 more

Timeline

PublishedOct 18

Description

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages65 packages

▶NVDhp/245_firmware< f.11

▶NVDhp/240_g6_firmware< f.55

▶NVDhp/240_g7_firmware< f.75

▶NVDhp/240_g9_firmware< f.06

▶NVDhp/245_g7_firmware< f.70

Patches

Patch: support.hp.com ↗Patch: support.hp.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-26300: A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege↗2023-10-18

▶

GHSA

GHSA-jppc-gxqh-pgw5: A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege↗2023-10-18

▶