8.4
CVE-2021-3661
- EPSS 1.03%
- Veröffentlicht 12.12.2022 13:15:11
- Zuletzt bearbeitet 29.04.2025 05:15:40
- Quelle hp-security-alert@hp.com
- Teams Watchlist Login
- Unerledigt Login
A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hp ≫ Z1 All-in-one G3 Firmware Version01.31
Hp ≫ Z2 Mini G3 Firmware Version01.83
Hp ≫ Z2 Mini G4 Firmware Version01.08.01
Hp ≫ Z2 Mini G5 Firmware Version01.03.00_rev_a
Hp ≫ Z2 Small Form Factor G4 Firmware Version01.08.01
Hp ≫ Z2 Small Form Factor G5 Firmware Version01.03.00_rev_a
Hp ≫ Z2 Small Form Factor G8 Firmware Version01.03.00_rev_a
Hp ≫ Z2 Tower G4 Firmware Version01.08.01
Hp ≫ Z2 Tower G5 Firmware Version01.03.00_rev_a
Hp ≫ Z2 Tower G8 Firmware Version01.03.00_rev_a
Hp ≫ Z238 Microtower Firmware Version01.83
Hp ≫ Z240 Small Form Factor Firmware Version01.83
Hp ≫ Z240 Tower Firmware Version01.83
Hp ≫ Z4 G4 Firmware Version02.75
Hp ≫ Z440 Firmware Version2.58
Hp ≫ Z6 G4 Firmware Version02.75
Hp ≫ Z640 Firmware Version2.58
Hp ≫ Z8 G4 Firmware Version02.75
Hp ≫ Z840 Firmware Version2.58
Hp ≫ Zcentral 4r Firmware Version01.18
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.03% | 0.766 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.