Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-6321

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.

Published

2019-05-29T20:29:00.330

Last Modified

2024-11-21T04:46:24.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-667

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hp	z4_g4_workstation_firmware	< 1.70	Yes
Hardware	hp	z4_g4_workstation	-	No
Operating System	hp	z4_g4_core-x_workstation_firmware	< 1.70	Yes
Hardware	hp	z4_g4_core-x_workstation	-	No
Operating System	hp	z6_g4_workstation_firmware	< 1.71	Yes
Hardware	hp	z6_g4_workstation	-	No
Operating System	hp	z8_g4_workstation_firmware	< 1.71	Yes
Hardware	hp	z8_g4_workstation	-	No
Operating System	hp	z4_g4_workstation_firmware	< 1.70	Yes
Hardware	hp	z4_g4_workstation	-	No
Operating System	hp	z4_g4_core-x_workstation_firmware	< 1.70	Yes
Hardware	hp	z4_g4_core-x_workstation	-	No
Operating System	hp	z6_g4_workstation_firmware	< 1.71	Yes
Hardware	hp	z6_g4_workstation	-	No
Operating System	hp	z8_g4_workstation_firmware	< 1.71	Yes
Hardware	hp	z8_g4_workstation	-	No

References

https://support.hp.com/us-en/document/c06318199 Patch, Vendor Advisory ([email protected])
https://support.hp.com/us-en/document/c06318199 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)