Vulnerabilites related to hp - z4_g4_workstation_firmware
cve-2019-6322
Vulnerability from cvelistv5
Published
2019-05-29 19:56
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hp.com/us-en/document/c06318199 | vendor-advisory, x_refsource_HP |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | HP Z4 G4 Workstation (Xeon W) |
Version: before 1.70 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:24.814Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "HPSBHF03614", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://support.hp.com/us-en/document/c06318199", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "HP Z4 G4 Workstation (Xeon W)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.70", }, ], }, { product: "HP Z4 G4 Workstation (Xeon W) (Linux)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.70", }, ], }, { product: "HP Z4 G4 Core-X Workstation", vendor: "n/a", versions: [ { status: "affected", version: "before 1.70", }, ], }, { product: "HP Z4 G4 Core-X Workstation (Linux)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.70", }, ], }, { product: "HP Z6 G4 Workstation", vendor: "n/a", versions: [ { status: "affected", version: "before 1.71", }, ], }, { product: "HP Z6 G4 Workstation (Linux)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.71", }, ], }, { product: "HP Z8 G4 Workstation", vendor: "n/a", versions: [ { status: "affected", version: "before 1.71", }, ], }, { product: "HP Z8 G4 Workstation (Linux)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.71", }, ], }, ], datePublic: "2019-05-03T00:00:00", descriptions: [ { lang: "en", value: "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.", }, ], problemTypes: [ { descriptions: [ { description: "Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-29T19:56:26", orgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", shortName: "hp", }, references: [ { name: "HPSBHF03614", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://support.hp.com/us-en/document/c06318199", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "hp-security-alert@hp.com", ID: "CVE-2019-6322", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "HP Z4 G4 Workstation (Xeon W)", version: { version_data: [ { version_value: "before 1.70", }, ], }, }, { product_name: "HP Z4 G4 Workstation (Xeon W) (Linux)", version: { version_data: [ { version_value: "before 1.70", }, ], }, }, { product_name: "HP Z4 G4 Core-X Workstation", version: { version_data: [ { version_value: "before 1.70", }, ], }, }, { product_name: "HP Z4 G4 Core-X Workstation (Linux)", version: { version_data: [ { version_value: "before 1.70", }, ], }, }, { product_name: "HP Z6 G4 Workstation", version: { version_data: [ { version_value: "before 1.71", }, ], }, }, { product_name: "HP Z6 G4 Workstation (Linux)", version: { version_data: [ { version_value: "before 1.71", }, ], }, }, { product_name: "HP Z8 G4 Workstation", version: { version_data: [ { version_value: "before 1.71", }, ], }, }, { product_name: "HP Z8 G4 Workstation (Linux)", version: { version_data: [ { version_value: "before 1.71", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity", }, ], }, ], }, references: { reference_data: [ { name: "HPSBHF03614", refsource: "HP", url: "https://support.hp.com/us-en/document/c06318199", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", assignerShortName: "hp", cveId: "CVE-2019-6322", datePublished: "2019-05-29T19:56:26", dateReserved: "2019-01-15T00:00:00", dateUpdated: "2024-08-04T20:16:24.814Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6321
Vulnerability from cvelistv5
Published
2019-05-29 19:55
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.hp.com/us-en/document/c06318199 | vendor-advisory, x_refsource_HP |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | HP Z4 G4 Workstation (Xeon W) |
Version: before 1.70 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:24.882Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "HPSBHF03614", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "https://support.hp.com/us-en/document/c06318199", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "HP Z4 G4 Workstation (Xeon W)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.70", }, ], }, { product: "HP Z4 G4 Workstation (Xeon W) (Linux)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.70", }, ], }, { product: "HP Z4 G4 Core-X Workstation", vendor: "n/a", versions: [ { status: "affected", version: "before 1.70", }, ], }, { product: "HP Z4 G4 Core-X Workstation (Linux)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.70", }, ], }, { product: "HP Z6 G4 Workstation", vendor: "n/a", versions: [ { status: "affected", version: "before 1.71", }, ], }, { product: "HP Z6 G4 Workstation (Linux)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.71", }, ], }, { product: "HP Z8 G4 Workstation", vendor: "n/a", versions: [ { status: "affected", version: "before 1.71", }, ], }, { product: "HP Z8 G4 Workstation (Linux)", vendor: "n/a", versions: [ { status: "affected", version: "before 1.71", }, ], }, ], datePublic: "2019-05-03T00:00:00", descriptions: [ { lang: "en", value: "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.", }, ], problemTypes: [ { descriptions: [ { description: "Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-29T19:55:14", orgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", shortName: "hp", }, references: [ { name: "HPSBHF03614", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "https://support.hp.com/us-en/document/c06318199", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "hp-security-alert@hp.com", ID: "CVE-2019-6321", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "HP Z4 G4 Workstation (Xeon W)", version: { version_data: [ { version_value: "before 1.70", }, ], }, }, { product_name: "HP Z4 G4 Workstation (Xeon W) (Linux)", version: { version_data: [ { version_value: "before 1.70", }, ], }, }, { product_name: "HP Z4 G4 Core-X Workstation", version: { version_data: [ { version_value: "before 1.70", }, ], }, }, { product_name: "HP Z4 G4 Core-X Workstation (Linux)", version: { version_data: [ { version_value: "before 1.70", }, ], }, }, { product_name: "HP Z6 G4 Workstation", version: { version_data: [ { version_value: "before 1.71", }, ], }, }, { product_name: "HP Z6 G4 Workstation (Linux)", version: { version_data: [ { version_value: "before 1.71", }, ], }, }, { product_name: "HP Z8 G4 Workstation", version: { version_data: [ { version_value: "before 1.71", }, ], }, }, { product_name: "HP Z8 G4 Workstation (Linux)", version: { version_data: [ { version_value: "before 1.71", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Escalation of Privilege, Denial of Service, Information Disclosure, Loss of Confidentiality, Loss of Integrity", }, ], }, ], }, references: { reference_data: [ { name: "HPSBHF03614", refsource: "HP", url: "https://support.hp.com/us-en/document/c06318199", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2", assignerShortName: "hp", cveId: "CVE-2019-6321", datePublished: "2019-05-29T19:55:14", dateReserved: "2019-01-15T00:00:00", dateUpdated: "2024-08-04T20:16:24.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-05-29 20:29
Modified
2024-11-21 04:46
Severity ?
Summary
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| hp-security-alert@hp.com | https://support.hp.com/us-en/document/c06318199 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hp.com/us-en/document/c06318199 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z4_g4_workstation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D705A2F2-BDF8-4ACB-B682-E9EB26D5558F", versionEndExcluding: "1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z4_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "A7A880C4-65EC-4D4C-9F31-68AFD4BE79C8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z4_g4_core-x_workstation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61D5EEEF-309C-4A67-9395-4D96B0D96859", versionEndExcluding: "1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z4_g4_core-x_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "A49133ED-9C3F-400D-972E-23FAB43B7B25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "71022F3C-5A46-467C-88EF-3B24B97F5516", versionEndExcluding: "1.71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "6DD26B60-086E-4C83-B3EB-CA4981AAAF7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "26F06BE0-00B1-4216-B4ED-42837F3F1AD2", versionEndExcluding: "1.71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "068354B9-5842-4014-A466-011FA1AA62B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z4_g4_workstation_firmware:*:*:*:*:*:linux:*:*", matchCriteriaId: "66FA358A-3EE5-4440-BB90-034051564C5B", versionEndExcluding: "1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z4_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "A7A880C4-65EC-4D4C-9F31-68AFD4BE79C8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z4_g4_core-x_workstation_firmware:*:*:*:*:*:linux:*:*", matchCriteriaId: "A5C7B2C1-5F0B-4AB5-B6DE-673B5ED5ED52", versionEndExcluding: "1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z4_g4_core-x_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "A49133ED-9C3F-400D-972E-23FAB43B7B25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:linux:*:*", matchCriteriaId: "C80EFB03-1270-49B1-AD2D-0F217AD2CD0E", versionEndExcluding: "1.71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "6DD26B60-086E-4C83-B3EB-CA4981AAAF7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:linux:*:*", matchCriteriaId: "421AD855-EE9B-4BA8-92B7-2A1AAD2E041F", versionEndExcluding: "1.71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "068354B9-5842-4014-A466-011FA1AA62B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.", }, { lang: "es", value: "HP ha encontrado una vulnerabilidad de seguridad con algunas versiones de Workstation BIOS (UEFI Firmware), donde el tiempo de ejecución del código BIOS podría ser manipulado si el TPM está deshabilitado. Esta vulnerabilidad esta relacionada con Workstatiosn cuyo TPM está deshabilitado por defecto.", }, ], id: "CVE-2019-6321", lastModified: "2024-11-21T04:46:24.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-29T20:29:00.330", references: [ { source: "hp-security-alert@hp.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.hp.com/us-en/document/c06318199", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.hp.com/us-en/document/c06318199", }, ], sourceIdentifier: "hp-security-alert@hp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-29 20:29
Modified
2024-11-21 04:46
Severity ?
Summary
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| hp-security-alert@hp.com | https://support.hp.com/us-en/document/c06318199 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hp.com/us-en/document/c06318199 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z4_g4_workstation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D705A2F2-BDF8-4ACB-B682-E9EB26D5558F", versionEndExcluding: "1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z4_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "A7A880C4-65EC-4D4C-9F31-68AFD4BE79C8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z4_g4_core-x_workstation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "61D5EEEF-309C-4A67-9395-4D96B0D96859", versionEndExcluding: "1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z4_g4_core-x_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "A49133ED-9C3F-400D-972E-23FAB43B7B25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "71022F3C-5A46-467C-88EF-3B24B97F5516", versionEndExcluding: "1.71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "6DD26B60-086E-4C83-B3EB-CA4981AAAF7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "26F06BE0-00B1-4216-B4ED-42837F3F1AD2", versionEndExcluding: "1.71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "068354B9-5842-4014-A466-011FA1AA62B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z4_g4_workstation_firmware:*:*:*:*:*:linux:*:*", matchCriteriaId: "66FA358A-3EE5-4440-BB90-034051564C5B", versionEndExcluding: "1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z4_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "A7A880C4-65EC-4D4C-9F31-68AFD4BE79C8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z4_g4_core-x_workstation_firmware:*:*:*:*:*:linux:*:*", matchCriteriaId: "A5C7B2C1-5F0B-4AB5-B6DE-673B5ED5ED52", versionEndExcluding: "1.70", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z4_g4_core-x_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "A49133ED-9C3F-400D-972E-23FAB43B7B25", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:linux:*:*", matchCriteriaId: "C80EFB03-1270-49B1-AD2D-0F217AD2CD0E", versionEndExcluding: "1.71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "6DD26B60-086E-4C83-B3EB-CA4981AAAF7C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:linux:*:*", matchCriteriaId: "421AD855-EE9B-4BA8-92B7-2A1AAD2E041F", versionEndExcluding: "1.71", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*", matchCriteriaId: "068354B9-5842-4014-A466-011FA1AA62B5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.", }, { lang: "es", value: "HP ha econtado una vulnerabilidad de seguridad con algunas versiones de Workstation BIOS (UEFI Firmware), donde el tiempo de ejecución del código BIOS podría ser manipulado si el TPM está deshabilitado. Esta vulnerabilidad esta relacionada con Workstations cuyo TPM está habilitado por defecto.", }, ], id: "CVE-2019-6322", lastModified: "2024-11-21T04:46:24.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-29T20:29:00.377", references: [ { source: "hp-security-alert@hp.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.hp.com/us-en/document/c06318199", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://support.hp.com/us-en/document/c06318199", }, ], sourceIdentifier: "hp-security-alert@hp.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }