Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-18913

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

Published

2020-01-31T04:15:10.993

Last Modified

2024-11-21T04:33:49.720

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	elitedesk_800_g5_dm_firmware	< 02.04.02	Yes
Hardware	hp	elitedesk_800_g5_dm	-	No
Operating System	hp	elitedesk_800_g5_sff_firmware	< 02.04.02	Yes
Hardware	hp	elitedesk_800_g5_sff	-	No
Operating System	hp	elitedesk_800_g5_twr_firmware	< 02.04.02	Yes
Hardware	hp	elitedesk_800_g5_twr	-	No
Operating System	hp	eliteone_800_g5_aio_firmware	< 02.04.02	Yes
Hardware	hp	eliteone_800_g5_aio	-	No
Operating System	hp	prodesk_400_g5_dm_firmware	< 02.04.01	Yes
Hardware	hp	prodesk_400_g5_dm	-	No
Operating System	hp	prodesk_400_g6_mt_firmware	< 02.04.01	Yes
Hardware	hp	prodesk_400_g6_mt	-	No
Operating System	hp	prodesk_400_g6_sff_firmware	< 02.04.02	Yes
Hardware	hp	prodesk_400_g6_sff	-	No
Operating System	hp	prodesk_480_g6_mt_firmware	< 02.04.01	Yes
Hardware	hp	prodesk_480_g6_mt	-	No
Operating System	hp	prodesk_600_g5_dm_firmware	< 02.04.01	Yes
Hardware	hp	prodesk_600_g5_dm	-	No
Operating System	hp	prodesk_600_g5_mt_firmware	< 02.04.01	Yes
Hardware	hp	prodesk_600_g5_mt	-	No
Operating System	hp	prodesk_600_g5_pci_mt_firmware	< 02.04.01	Yes
Hardware	hp	prodesk_600_g5_pci_mt	-	No
Operating System	hp	prodesk_600_g5_sff_firmware	< 02.04.01	Yes
Hardware	hp	prodesk_600_g5_sff	-	No
Operating System	hp	proone_400_g5_aio_firmware	< 02.04.01	Yes
Hardware	hp	proone_400_g5_aio	-	No
Operating System	hp	proone_440_g5_aio_firmware	< 02.04.01	Yes
Hardware	hp	proone_440_g5_aio	-	No
Operating System	hp	proone_600_g5_aio_firmware	< 02.04.01	Yes
Hardware	hp	proone_600_g5_aio	-	No
Operating System	hp	elite_dragonfly_firmware	< 01.04.02	Yes
Hardware	hp	elite_dragonfly	-	No
Operating System	hp	elite_x2_g4_firmware	< 01.04.02	Yes
Hardware	hp	elite_x2_g4	-	No
Operating System	hp	elitebook_830_g6_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_830_g6	-	No
Operating System	hp	elitebook_836_g6_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_836_g6	-	No
Operating System	hp	elitebook_840_g6_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_840_g6	-	No
Operating System	hp	elitebook_840_g6_healthcare_edition_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_840_g6_healthcare_edition	-	No
Operating System	hp	elitebook_846_g6_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_846_g6	-	No
Operating System	hp	elitebook_846_g6_healthcare_edition_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_846_g6_healthcare_edition	-	No
Operating System	hp	elitebook_850_g6_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_850_g6	-	No
Operating System	hp	elitebook_x360_1030_g4_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_x360_1030_g4	-	No
Operating System	hp	elitebook_x360_1040_g6_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_x360_1040_g6	-	No
Operating System	hp	elitebook_x360_830_g6_firmware	< 01.04.02	Yes
Hardware	hp	elitebook_x360_830_g6	-	No
Operating System	hp	probook_640_g5_firmware	< 01.04.02	Yes
Hardware	hp	probook_640_g5	-	No
Operating System	hp	probook_650_g5_firmware	< 01.04.02	Yes
Hardware	hp	probook_650_g5	-	No
Operating System	hp	zbook_14u_g6_mobile_workstation_firmware	< 01.04.02	Yes
Hardware	hp	zbook_14u_g6_mobile_workstation	-	No
Operating System	hp	zbook_15u_g6_mobile_workstation_firmware	< 01.04.02	Yes
Hardware	hp	zbook_15u_g6_mobile_workstation	-	No
Operating System	hp	zhan_x_13_g2_firmware	< 01.04.02	Yes
Hardware	hp	zhan_x_13_g2	-	No
Operating System	hp	zbook_17u_g6_mobile_workstation_firmware	< 01.04.02	Yes
Hardware	hp	zbook_17u_g6_mobile_workstation	-	No

References

https://support.hp.com/us-en/document/c06549501 Patch, Vendor Advisory ([email protected])
https://support.hp.com/us-en/document/c06549501 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)