CVE-2023-26299

EPSS 0.15%
Published 30.06.2023 16:15:09
Last modified 21.11.2024 07:51:05
Source hp-security-alert@hp.com
Teams watchlist Login
Open Login

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Hp ≫ 260 G4 Desktop Mini Firmware Version < 2.14

Hp ≫ 260 G4 Desktop Mini Version-

Hp ≫ T430 Firmware Version < 00.01.11

Hp ≫ T430 Version-

Hp ≫ T628 Firmware Version < 00.01.10

Hp ≫ T628 Version-

Hp ≫ 240 G10 Firmware Version < f.04

Hp ≫ 240 G10 Version-

Hp ≫ 245 G6 Firmware Version < f.35

Hp ≫ 245 G6 Version-

Hp ≫ 245 G7 Firmware Version < f.69

Hp ≫ 245 G7 Version-

Hp ≫ 245 G8 Firmware Version < f.25

Hp ≫ 245 G8 Version-

Hp ≫ 247 G8 Firmware Version < f.69

Hp ≫ 247 G8 Version-

Hp ≫ 250 G10 Firmware Version < f.05

Hp ≫ 250 G10 Version-

Hp ≫ 255 G10 Firmware Version < f.08

Hp ≫ 255 G10 Version-

Hp ≫ 349 G7 Firmware Version < f.28

Hp ≫ 349 G7 Version-

Hp ≫ 470 G10 Firmware Version < f.02

Hp ≫ 470 G10 Version-

Hp ≫ 470 G9 Firmware Version < f.05

Hp ≫ 470 G9 Version-

Hp ≫ Zhan 99 G2 Firmware Version < f.24

Hp ≫ Zhan 99 G2 Version-

Hp ≫ Zhan 99 G4 Firmware Version < f.08

Hp ≫ Zhan 99 G4 Version-

Hp ≫ Vr Backpack G2 Firmware Version < f.28

Hp ≫ Vr Backpack G2 Version-

Hp ≫ 200 G3 Firmware Version-

Hp ≫ 200 G3 Version-

Hp ≫ 200 G4 22 All-in-one Firmware Version-

Hp ≫ 200 G4 22 All-in-one Version-

Hp ≫ 200 Pro G4 22 All-in-one Firmware Version-

Hp ≫ 200 Pro G4 22 All-in-one Version-

Hp ≫ 205 G4 22 All-in-one Firmware Version-

Hp ≫ 205 G4 22 All-in-one Version-

Hp ≫ 205 Pro G4 22 All-in-one Firmware Version-

Hp ≫ 205 Pro G4 22 All-in-one Version-

Hp ≫ 280 G3 Firmware Version-

Hp ≫ 280 G3 Version-

Hp ≫ 280 G4 Firmware Version-

Hp ≫ 280 G4 Version-

Hp ≫ 280 G4 Microtower Firmware Version-

Hp ≫ 280 G4 Microtower Version-

Hp ≫ 280 G5 Firmware Version-

Hp ≫ 280 G5 Version-

Hp ≫ 280 G5 Small Form Factor Firmware Version-

Hp ≫ 280 G5 Small Form Factor Version-

Hp ≫ 280 G6 Firmware Version-

Hp ≫ 280 G6 Version-

Hp ≫ 280 G8 Microtower Firmware Version-

Hp ≫ 280 G8 Microtower Version-

Hp ≫ 280 Pro G3 Firmware Version-

Hp ≫ 280 Pro G3 Version-

Hp ≫ 280 Pro G4 Microtower Firmware Version-

Hp ≫ 280 Pro G4 Microtower Version-

Hp ≫ 280 Pro G5 Small Form Factor Firmware Version-

Hp ≫ 280 Pro G5 Small Form Factor Version-

Hp ≫ 282 G5 Firmware Version-

Hp ≫ 282 G5 Version-

Hp ≫ 282 G6 Firmware Version-

Hp ≫ 282 G6 Version-

Hp ≫ 282 Pro G4 Microtower Firmware Version-

Hp ≫ 282 Pro G4 Microtower Version-

Hp ≫ 288 G5 Firmware Version-

Hp ≫ 288 G5 Version-

Hp ≫ 288 G6 Firmware Version-

Hp ≫ 288 G6 Version-

Hp ≫ 288 Pro G4 Microtower Firmware Version-

Hp ≫ 288 Pro G4 Microtower Version-

Hp ≫ 290 G1 Firmware Version-

Hp ≫ 290 G1 Version-

Hp ≫ 290 G2 Firmware Version-

Hp ≫ 290 G2 Version-

Hp ≫ 290 G2 Microtower Firmware Version-

Hp ≫ 290 G2 Microtower Version-

Hp ≫ 290 G3 Firmware Version-

Hp ≫ 290 G3 Version-

Hp ≫ 290 G3 Small Form Factor Firmware Version-

Hp ≫ 290 G3 Small Form Factor Version-

Hp ≫ 290 G4 Firmware Version-

Hp ≫ 290 G4 Version-

Hp ≫ Desktop Pro G1 Microtower Firmware Version-

Hp ≫ Desktop Pro G1 Microtower Version-

Hp ≫ Pro Small Form Factor 280 G9 Desktop Firmware Version-

Hp ≫ Pro Small Form Factor 280 G9 Desktop Version-

Hp ≫ Pro Small Form Factor 290 G9 Desktop Firmware Version-

Hp ≫ Pro Small Form Factor 290 G9 Desktop Version-

Hp ≫ Pro Small Form Factor Zhan 66 G9 Desktop Firmware Version-

Hp ≫ Pro Small Form Factor Zhan 66 G9 Desktop Version-

Hp ≫ Pro Tower 200 G9 Desktop Firmware Version-

Hp ≫ Pro Tower 200 G9 Desktop Version-

Hp ≫ Pro Tower 280 G9 Desktop Firmware Version-

Hp ≫ Pro Tower 280 G9 Desktop Version-

Hp ≫ Pro Tower 290 G9 Desktop Firmware Version-

Hp ≫ Pro Tower 290 G9 Desktop Version-

Hp ≫ Pro Tower Zhan 99 G9 Desktop Firmware Version-

Hp ≫ Pro Tower Zhan 99 G9 Desktop Version-

Hp ≫ Proone 240 G10 Firmware Version-

Hp ≫ Proone 240 G10 Version-

Hp ≫ Proone 240 G9 Firmware Version-

Hp ≫ Proone 240 G9 Version-

Hp ≫ Proone 440 G3 Firmware Version-

Hp ≫ Proone 440 G3 Version-

Hp ≫ Proone 490 G3 Firmware Version-

Hp ≫ Proone 490 G3 Version-

Hp ≫ Proone 496 G3 Firmware Version-

Hp ≫ Proone 496 G3 Version-

Hp ≫ Z Vr Backpack G1 Workstation Firmware Version-

Hp ≫ Z Vr Backpack G1 Workstation Version-

Hp ≫ Zhan 86 Pro G2 Microtower Firmware Version-

Hp ≫ Zhan 86 Pro G2 Microtower Version-

Hp ≫ Zhan 99 Pro G1 Microtower Firmware Version-

Hp ≫ Zhan 99 Pro G1 Microtower Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.372

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-26299

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-26299

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-26299

EUVD