BDU:2019-04870

Published: 28 Oct 2019
Source: fstec
CVSS3: 7.2
CVSS2: 9
EPSS: Low

Description

A vulnerability in the EFI_BOOT_SERVICES component of the firmware of desktop workstations, personal computers and cash registers from Hewlett-Packard Development Company L.P. exists due to insufficient validation of input data. Exploitation of the vulnerability could allow a remote attacker to elevate their privileges.

Vendor

HP Inc.

Software name

HP 260 G1 DM
HP 280 Pro G1 Microtower PC
HP 285 G2 Microtower Business PC
HP 340 G3 Notebook PC
HP 340 G4 Notebook PC
HP 346 G3 Notebook PC
HP 346 G4 Notebook PC
HP 348 G3 Notebook PC
HP Elite Slice
HP Elite x2 1011 G1 Tablet
HP EliteBook 1030 G1 Notebook
HP EliteBook 1040 G2 Notebook PC
HP EliteBook 720 G1 Notebook PC
HP EliteBook 720 G2 Notebook PC
HP EliteBook 740 G1 Notebook PC
HP EliteBook 740 G2 Notebook PC
HP EliteBook 750 G1 Notebook PC
HP EliteBook 750 G2 Notebook PC
HP EliteBook 820 G1 Notebook PC
HP EliteBook 820 G2 Notebook PC
HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G1 Notebook PC
HP EliteBook 840 G2 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G1 Notebook PC
HP EliteBook 850 G2 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP EliteBook Folio 1020 G1 Notebook PC
HP EliteBook Folio 1020 G1 Special Edition Notebook PC
HP EliteBook Folio 1040 G1 Notebook PC
HP EliteBook Folio 1040 G3 Notebook PC
HP EliteBook Folio G1 Notebook PC
HP EliteBook Revolve 810 G2
HP EliteBook Revolve 810 G3
HP EliteDesk 800 G2 DM
HP EliteDesk 800 G2 SFF
HP EliteDesk 800 G2 TWR
HP EliteOne 800 G2 AiO PC
HP Elitepad 1000 G2
HP MP9 G2 Retail System
HP Pro Tablet 10 EE G1
HP Pro Tablet 608 G1
HP Pro Tablet 610 G1
HP Pro x2 612 G1 Tablet
HP ProBook 11 G1 Education Edition
HP ProBook 11 G2 Education Edition
HP ProBook 430 G1 Notebook PC
HP ProBook 440 G1 Notebook PC
HP ProBook 440 G2 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 450 G1 Notebook PC
HP ProBook 450 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 470 G1 Notebook PC
HP ProBook 470 G2 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 640 G1 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G1 Notebook PC
HP ProBook x360 11 G1 Education Edition
HP ProDesk 400 G1 DM
HP ProDesk 400 G2 DM
HP ProDesk 400 G2.5 SFF
HP ProDesk 400 G3 SFF
HP ProDesk 405/485 G2 MT
HP ProDesk 480 G3 SFF
HP ProDesk 490 G2 MT
HP ProDesk 490 G3 SFF
HP ProDesk 498 G2 MT
HP ProDesk 498 G3 SFF
HP ProDesk 600 G2 DM
HP ProDesk 600 G2 SFF
HP ProOne 400 G2 AiO PC
HP ProOne 600 G2 AiO PC
HP RP2 Retail System
HP RP9 G1 Retail System Model 9015 & 9018
HP ZBook 14 G2 Mobile Workstation
HP ZBook 14 Mobile Workstation
HP ZBook 15 G2 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook 15 Mobile Workstation
HP ZBook 15u G2 Mobile Workstation
HP ZBook 15u G3 Mobile Workstation
HP ZBook 17 G2 Mobile Workstation
HP ZBook 17 G3 Mobile Workstation
HP Z238 Microtower Workstation Linux
HP Z1 G3 Workstation
HP Z2 Mini G3 Workstation
HP Z238 Microtower Workstation
HP Z240 SFF Workstation
HP Z240 Tower Workstation

Software version

before 2.27 (HP 260 G1 DM)
before 80.3 (HP 280 Pro G1 Microtower PC)
before A0.23 (HP 285 G2 Microtower Business PC)
before F.48 (HP 340 G3 Notebook PC)
HP 340 G4 Notebook PC (HP 340 G3 Notebook PC)
before F.55 (HP 340 G4 Notebook PC)
before F.48 (HP 346 G3 Notebook PC)
before F.46 (HP 346 G4 Notebook PC)
before F.48 (HP 348 G3 Notebook PC)
before F.55 (HP 348 G3 Notebook PC)
before 2.42 (HP Elite Slice)
before 1.27 (HP Elite x2 1011 G1 Tablet)
before 1.42 (HP Elite x2 1011 G1 Tablet)
before 1.42 (HP EliteBook 1030 G1 Notebook)
before 1.17 (HP EliteBook 1040 G2 Notebook PC)
before 1.48 (HP EliteBook 720 G1 Notebook PC)
before 1.29 (HP EliteBook 720 G2 Notebook PC)
before 1.48 (HP EliteBook 740 G1 Notebook PC)
before 1.29 (HP EliteBook 740 G2 Notebook PC)
before 1.48 (HP EliteBook 750 G1 Notebook PC)
before 1.29 (HP EliteBook 750 G2 Notebook PC)
before 1.48 (HP EliteBook 820 G1 Notebook PC)
before 1.29 (HP EliteBook 820 G2 Notebook PC)
before 1.42 (HP EliteBook 820 G3 Notebook PC)
before 1.42 (HP EliteBook 828 G3 Notebook PC)
before 1.48 (HP EliteBook 840 G1 Notebook PC)
before 1.29 (HP EliteBook 840 G2 Notebook PC)
before 1.42 (HP EliteBook 840 G3 Notebook PC)
before 1.42 (HP EliteBook 848 G3 Notebook PC)
before 1.48 (HP EliteBook 850 G1 Notebook PC)
before 1.29 (HP EliteBook 850 G2 Notebook PC)
before 1.42 (HP EliteBook 850 G3 Notebook PC)
before 1.24 (HP EliteBook Folio 1020 G1 Notebook PC)
before 1.24 (HP EliteBook Folio 1020 G1 Special Edition Notebook PC)
before 1.44 (HP EliteBook Folio 1040 G1 Notebook PC)
before 1.42 (HP EliteBook Folio 1040 G3 Notebook PC)
before 1.42 (HP EliteBook Folio G1 Notebook PC)
before 1.45 (HP EliteBook Revolve 810 G2)
before 1.2 (HP EliteBook Revolve 810 G3)
before 2.42 (HP EliteDesk 800 G2 DM)
before 2.42 (HP EliteDesk 800 G2 SFF)
before 2.42 (HP EliteDesk 800 G2 TWR)
before 2.42 (HP EliteOne 800 G2 AiO PC)
before 1.48 (HP Elitepad 1000 G2)
before 2.42 (HP MP9 G2 Retail System)
before 1.31 (HP Pro Tablet 10 EE G1)
before 1.21 (HP Pro Tablet 608 G1)
before F.16 (HP Pro Tablet 610 G1)
before 1.48 (HP Pro x2 612 G1 Tablet)
before 1.17 (HP ProBook 11 G1 Education Edition)
before 1.42 (HP ProBook 11 G2 Education Edition)
before 1.49 (HP ProBook 430 G1 Notebook PC)
before 1.52 (HP ProBook 430 G1 Notebook PC)
before 1.49 (HP ProBook 440 G1 Notebook PC)
before 1.52 (HP ProBook 440 G2 Notebook PC)
before 1.42 (HP ProBook 440 G3 Notebook PC)
before 1.49 (HP ProBook 450 G1 Notebook PC)
before 1.52 (HP ProBook 450 G2 Notebook PC)
before 1.42 (HP ProBook 450 G3 Notebook PC)
before 1.49 (HP ProBook 470 G1 Notebook PC)
before 1.52 (HP ProBook 470 G2 Notebook PC)
before 1.42 (HP ProBook 470 G3 Notebook PC)
before 1.49 (HP ProBook 640 G1 Notebook PC)
before 1.42 (HP ProBook 640 G2 Notebook PC)
before 1.49 (HP ProBook 650 G1 Notebook PC)
before 1.42 (HP ProBook 650 G1 Notebook PC)
before 1.3 (HP ProBook x360 11 G1 Education Edition)
before 2.27 (HP ProDesk 400 G1 DM)
before 2.42 (HP ProDesk 400 G2 DM)
before 2.26 (HP ProDesk 400 G2.5 SFF)
before 2.42 (HP ProDesk 400 G3 SFF)
before 2.29 (HP ProDesk 405/485 G2 MT)
before 2.42 (HP ProDesk 480 G3 SFF)
before 2.31 (HP ProDesk 490 G2 MT)
before 2.42 (HP ProDesk 490 G3 SFF)
before 2.31 (HP ProDesk 498 G2 MT)
before 2.42 (HP ProDesk 498 G3 SFF)
before 2.42 (HP ProDesk 600 G2 DM)
before 2.42 (HP ProDesk 600 G2 SFF)
before 2.42 (HP ProOne 400 G2 AiO PC)
before 2.42 (HP ProOne 600 G2 AiO PC)
before 2.21 (HP RP2 Retail System)
before 2.42 (HP RP9 G1 Retail System Model 9015 & 9018)
before 1.29 (HP ZBook 14 G2 Mobile Workstation)
before 1.48 (HP ZBook 14 Mobile Workstation)
before 1.25 (HP ZBook 15 G2 Mobile Workstation)
before 1.42 (HP ZBook 15 G3 Mobile Workstation)
before 1.46 (HP ZBook 15 Mobile Workstation)
before 1.29 (HP ZBook 15u G2 Mobile Workstation)
before 1.42 (HP ZBook 15u G3 Mobile Workstation)
before 1.25 (HP ZBook 17 G2 Mobile Workstation)
before 1.42 (HP ZBook 17 G3 Mobile Workstation)
before 1.77 (HP Z238 Microtower Workstation Linux)
before 1.26 (HP Z1 G3 Workstation)
before 1.77 (HP Z2 Mini G3 Workstation)
before 1.77 (HP Z238 Microtower Workstation)
before 1.77 (HP Z240 SFF Workstation)
before 1.77 (HP Z240 Tower Workstation)

Software type

Firmware
Software of a hardware-software appliance

Operating systems and hardware platforms

-

Vulnerability severity

High severity (CVSS 2.0 base score is 9)
High severity (CVSS 3.0 base score is 7.2)

Possible remediation measures

Follow the recommendations:
https://support.hp.com/rs-en/document/c06456250

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 55%
0.00322
Low

7.2 High

CVSS3

9 Critical

CVSS2

Related vulnerabilities

CVSS3: 7.2
nvd
more than 6 years ago

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.

github
more than 3 years ago

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.
