CVE-2023-5410 (GCVE-0-2023-5410)
Vulnerability from cvelistv5 – Published: 2024-03-12 20:01 – Updated: 2024-11-12 20:34
VLAI?
Summary
A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.
Severity ?
8.2 (High)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HP Inc. | HP PC BIOS |
Affected:
See HP Security Bulletin reference for affected versions
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:hp_inc:business_notebook_pcs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_notebook_pcs",
"vendor": "hp_inc",
"versions": [
{
"lessThanOrEqual": "1.15.01",
"status": "affected",
"version": "1.03.01",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:hp_inc:business_desktop_pcs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_desktop_pcs",
"vendor": "hp_inc",
"versions": [
{
"lessThanOrEqual": "2.12.03",
"status": "affected",
"version": "2.12.02",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:hp_inc:workstations:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workstations",
"vendor": "hp_inc",
"versions": [
{
"status": "affected",
"version": "2.04.02"
}
]
},
{
"cpes": [
"cpe:2.3:o:hp_inc:thin_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thin_client",
"vendor": "hp_inc",
"versions": [
{
"lessThanOrEqual": "1.15.01",
"status": "affected",
"version": "1.09.01",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-5410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T14:04:36.871281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:34:15.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "HP PC BIOS",
"vendor": "HP Inc.",
"versions": [
{
"status": "affected",
"version": "See HP Security Bulletin reference for affected versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability."
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T20:01:46.531Z",
"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"shortName": "hp"
},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
"assignerShortName": "hp",
"cveId": "CVE-2023-5410",
"datePublished": "2024-03-12T20:01:46.531Z",
"dateReserved": "2023-10-04T18:22:43.127Z",
"dateUpdated": "2024-11-12T20:34:15.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Se ha informado de una posible vulnerabilidad de seguridad en el BIOS del sistema de ciertos productos de PC HP, que podr\\u00eda permitir la manipulaci\\u00f3n de la memoria. HP est\\u00e1 lanzando medidas de mitigaci\\u00f3n para la posible vulnerabilidad.\"}]",
"id": "CVE-2023-5410",
"lastModified": "2024-11-21T08:41:43.063",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 6.0}]}",
"published": "2024-03-12T20:15:07.550",
"references": "[{\"url\": \"https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924\", \"source\": \"hp-security-alert@hp.com\"}, {\"url\": \"https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "hp-security-alert@hp.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5410\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2024-03-12T20:15:07.550\",\"lastModified\":\"2024-11-21T08:41:43.063\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se ha informado de una posible vulnerabilidad de seguridad en el BIOS del sistema de ciertos productos de PC HP, que podr\u00eda permitir la manipulaci\u00f3n de la memoria. HP est\u00e1 lanzando medidas de mitigaci\u00f3n para la posible vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"references\":[{\"url\":\"https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:59:44.777Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5410\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-23T14:04:36.871281Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:hp_inc:business_notebook_pcs:*:*:*:*:*:*:*:*\"], \"vendor\": \"hp_inc\", \"product\": \"business_notebook_pcs\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.03.01\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.15.01\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:hp_inc:business_desktop_pcs:*:*:*:*:*:*:*:*\"], \"vendor\": \"hp_inc\", \"product\": \"business_desktop_pcs\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.12.02\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.12.03\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:hp_inc:workstations:*:*:*:*:*:*:*:*\"], \"vendor\": \"hp_inc\", \"product\": \"workstations\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.04.02\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:hp_inc:thin_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"hp_inc\", \"product\": \"thin_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.09.01\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.15.01\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-23T14:05:09.605Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"HP Inc.\", \"product\": \"HP PC BIOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"See HP Security Bulletin reference for affected versions\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://support.hp.com/us-en/document/ish_10290255-10290279-16/hpsbhf03924\"}], \"x_generator\": {\"engine\": \"cveClient/1.0.15\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.\"}], \"providerMetadata\": {\"orgId\": \"74586083-13ce-40fd-b46a-8e5d23cfbcb2\", \"shortName\": \"hp\", \"dateUpdated\": \"2024-03-12T20:01:46.531Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-5410\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-12T20:34:15.291Z\", \"dateReserved\": \"2023-10-04T18:22:43.127Z\", \"assignerOrgId\": \"74586083-13ce-40fd-b46a-8e5d23cfbcb2\", \"datePublished\": \"2024-03-12T20:01:46.531Z\", \"assignerShortName\": \"hp\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…