CVE-2019-18913


A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.8. Attack complexity is relatively low, and exploitation requires neither user interaction nor pre-existing privileges. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. It affects 66 products from hp; organizations running these products should prioritize assessment and patching.

Historical Context

Reported in 2020, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.


Published: 2020-01-31T04:15:10.993
Last Modified: 2024-11-21T04:33:49.720
Status: Modified
Source: [email protected]
Severity: CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score: 3.9
Impact Score: 10.0

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | hp | elitedesk_800_g5_dm_firmware | < 02.04.02 | Yes |
| Hardware | hp | elitedesk_800_g5_dm | - | No |
| Operating System | hp | elitedesk_800_g5_sff_firmware | < 02.04.02 | Yes |
| Hardware | hp | elitedesk_800_g5_sff | - | No |
| Operating System | hp | elitedesk_800_g5_twr_firmware | < 02.04.02 | Yes |
| Hardware | hp | elitedesk_800_g5_twr | - | No |
| Operating System | hp | eliteone_800_g5_aio_firmware | < 02.04.02 | Yes |
| Hardware | hp | eliteone_800_g5_aio | - | No |
| Operating System | hp | prodesk_400_g5_dm_firmware | < 02.04.01 | Yes |
| Hardware | hp | prodesk_400_g5_dm | - | No |
| Operating System | hp | prodesk_400_g6_mt_firmware | < 02.04.01 | Yes |
| Hardware | hp | prodesk_400_g6_mt | - | No |
| Operating System | hp | prodesk_400_g6_sff_firmware | < 02.04.02 | Yes |
| Hardware | hp | prodesk_400_g6_sff | - | No |
| Operating System | hp | prodesk_480_g6_mt_firmware | < 02.04.01 | Yes |
| Hardware | hp | prodesk_480_g6_mt | - | No |
| Operating System | hp | prodesk_600_g5_dm_firmware | < 02.04.01 | Yes |
| Hardware | hp | prodesk_600_g5_dm | - | No |
| Operating System | hp | prodesk_600_g5_mt_firmware | < 02.04.01 | Yes |
| Hardware | hp | prodesk_600_g5_mt | - | No |
| Operating System | hp | prodesk_600_g5_pci_mt_firmware | < 02.04.01 | Yes |
| Hardware | hp | prodesk_600_g5_pci_mt | - | No |
| Operating System | hp | prodesk_600_g5_sff_firmware | < 02.04.01 | Yes |
| Hardware | hp | prodesk_600_g5_sff | - | No |
| Operating System | hp | proone_400_g5_aio_firmware | < 02.04.01 | Yes |
| Hardware | hp | proone_400_g5_aio | - | No |
| Operating System | hp | proone_440_g5_aio_firmware | < 02.04.01 | Yes |
| Hardware | hp | proone_440_g5_aio | - | No |
| Operating System | hp | proone_600_g5_aio_firmware | < 02.04.01 | Yes |
| Hardware | hp | proone_600_g5_aio | - | No |
| Operating System | hp | elite_dragonfly_firmware | < 01.04.02 | Yes |
| Hardware | hp | elite_dragonfly | - | No |
| Operating System | hp | elite_x2_g4_firmware | < 01.04.02 | Yes |
| Hardware | hp | elite_x2_g4 | - | No |
| Operating System | hp | elitebook_830_g6_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_830_g6 | - | No |
| Operating System | hp | elitebook_836_g6_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_836_g6 | - | No |
| Operating System | hp | elitebook_840_g6_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_840_g6 | - | No |
| Operating System | hp | elitebook_840_g6_healthcare_edition_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_840_g6_healthcare_edition | - | No |
| Operating System | hp | elitebook_846_g6_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_846_g6 | - | No |
| Operating System | hp | elitebook_846_g6_healthcare_edition_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_846_g6_healthcare_edition | - | No |
| Operating System | hp | elitebook_850_g6_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_850_g6 | - | No |
| Operating System | hp | elitebook_x360_1030_g4_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_x360_1030_g4 | - | No |
| Operating System | hp | elitebook_x360_1040_g6_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_x360_1040_g6 | - | No |
| Operating System | hp | elitebook_x360_830_g6_firmware | < 01.04.02 | Yes |
| Hardware | hp | elitebook_x360_830_g6 | - | No |
| Operating System | hp | probook_640_g5_firmware | < 01.04.02 | Yes |
| Hardware | hp | probook_640_g5 | - | No |
| Operating System | hp | probook_650_g5_firmware | < 01.04.02 | Yes |
| Hardware | hp | probook_650_g5 | - | No |
| Operating System | hp | zbook_14u_g6_mobile_workstation_firmware | < 01.04.02 | Yes |
| Hardware | hp | zbook_14u_g6_mobile_workstation | - | No |
| Operating System | hp | zbook_15u_g6_mobile_workstation_firmware | < 01.04.02 | Yes |
| Hardware | hp | zbook_15u_g6_mobile_workstation | - | No |
| Operating System | hp | zhan_x_13_g2_firmware | < 01.04.02 | Yes |
| Hardware | hp | zhan_x_13_g2 | - | No |
| Operating System | hp | zbook_17u_g6_mobile_workstation_firmware | < 01.04.02 | Yes |
| Hardware | hp | zbook_17u_g6_mobile_workstation | - | No |

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For hp's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.