Arbitrary Code Execution, Denial of Service, Information Disclosure.
Source: HP, HP Product Security Response Team (PSRT).
Reported by: Mickey Shkatov from Eclypsium, and Zoltan Harmath from Microsoft.
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots inside a computer with specialized hardware and software tools to modify UEFI code in memory.
VULNERABILITY SUMMARY
Reference
|
Base Vector
|
Base Score
|
CVE-2019-18913
|
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
6.1
|
note:HP recommends keeping your system up to date with the latest firmware, drivers, and software.Sign up for HP Subscriptions and get notifications for:
Product support eAlerts Driver updates Security bulletin updates
Product Name
|
Updated Version
|
SoftPaq #
|
SoftPaq Link
|
HP EliteDesk 800 G5 DM
|
02.04.02
|
SP101126
| |
HP EliteDesk 800 G5 SFF
|
02.04.02
|
SP101143
| |
HP EliteDesk 800 G5 TWR
|
02.04.02
|
SP101143
| |
HP EliteOne 800 G5 AIO
|
02.04.02
|
SP101120
| |
HP ProDesk 400 G5 DM
|
02.04.01
|
SP101128
| |
HP ProDesk 400 G6 MT
|
02.04.01
|
SP101145
| |
HP ProDesk 400 G6 SFF
|
02.04.02
|
SP101148
| |
HP ProDesk 480 G6 MT
|
02.04.01
|
SP101145
| |
HP ProDesk 600 G5 DM
|
02.04.01
|
SP101127
| |
HP ProDesk 600 G5 MT
|
02.04.01
|
SP101144
| |
HP ProDesk 600 G5 PCI MT
|
02.04.01
|
SP101144
| |
HP ProDesk 600 G5 SFF
|
02.04.01
|
SP101255
| |
HP ProOne 400 G5 AiO
|
02.04.01
|
SP101174
| |
HP ProOne 440 G5 AiO
|
02.04.01
|
SP101174
| |
HP ProOne 600 G5 AiO
|
02.04.01
|
SP101174
| |
HP Elite Dragonfly
|
01.04.02
|
SP101295
| |
HP Elite x2 G4
|
01.04.02
|
SP101379
| |
HP EliteBook 830 G6
|
01.04.02
|
SP101245
| |
HP EliteBook 836 G6
|
01.04.02
|
SP101245
| |
HP EliteBook 840 G6
|
01.04.02
|
SP101245
| |
HP EliteBook 840 G6 Healthcare Edition
|
01.04.02
|
SP101245
| |
HP EliteBook 846 G6
|
01.04.02
|
SP101245
| |
HP EliteBook 846 G6 Healthcare Edition
|
01.04.02
|
SP101245
| |
HP EliteBook 850 G6
|
01.04.02
|
SP101245
| |
HP EliteBook x360 1030 G4
|
01.04.02
|
SP101274
| |
HP EliteBook x360 1040 G6
|
01.04.02
|
SP101318
| |
HP EliteBook x360 830 G6
|
01.04.02
|
SP101247
| |
HP ProBook 640 G5
|
01.04.02
|
SP101246
| |
HP ProBook 650 G5
|
01.04.02
|
SP101246
| |
HP ZBook 14u G6 Mobile Workstation
|
01.04.02
|
SP101245
| |
HP ZBook 15 G6 Mobile Workstation
|
01.04.05
|
SP101734
| |
HP ZBook 15u G6 Mobile Workstation
|
01.04.02
|
SP101245
| |
HP ZBook 17 G6 Mobile Workstation
|
01.04.05
|
SP101734
| |
HP ZHAN X 13 G2
|
01.04.02
|
SP101248
|
PI
|
HP Printing and Imaging
|
HF
|
HP Hardware and Firmware
|
GN
|
HP General Software
|