CVE-2019-18913

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.8 MEDIUM | PHYSICAL | LOW | NONE | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| hp | CNA | --- | --- |
| CVE | ADP | --- | --- |

EPSS Score percentile: 24%

| Vendor | Product | Version |
|---|---|---|
| hp | elitedesk_800_g5_dm_firmware | 𝑥 < 02.04.02 |
| hp | elitedesk_800_g5_sff_firmware | 𝑥 < 02.04.02 |
| hp | elitedesk_800_g5_twr_firmware | 𝑥 < 02.04.02 |
| hp | eliteone_800_g5_aio_firmware | 𝑥 < 02.04.02 |
| hp | prodesk_400_g5_dm_firmware | 𝑥 < 02.04.01 |
| hp | prodesk_400_g6_mt_firmware | 𝑥 < 02.04.01 |
| hp | prodesk_400_g6_sff_firmware | 𝑥 < 02.04.02 |
| hp | prodesk_480_g6_mt_firmware | 𝑥 < 02.04.01 |
| hp | prodesk_600_g5_dm_firmware | 𝑥 < 02.04.01 |
| hp | prodesk_600_g5_mt_firmware | 𝑥 < 02.04.01 |
| hp | prodesk_600_g5_pci_mt_firmware | 𝑥 < 02.04.01 |
| hp | prodesk_600_g5_sff_firmware | 𝑥 < 02.04.01 |
| hp | proone_400_g5_aio_firmware | 𝑥 < 02.04.01 |
| hp | proone_440_g5_aio_firmware | 𝑥 < 02.04.01 |
| hp | proone_600_g5_aio_firmware | 𝑥 < 02.04.01 |
| hp | elite_dragonfly_firmware | 𝑥 < 01.04.02 |
| hp | elite_x2_g4_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_830_g6_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_836_g6_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_840_g6_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_840_g6_healthcare_edition_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_846_g6_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_846_g6_healthcare_edition_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_850_g6_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_x360_1030_g4_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_x360_1040_g6_firmware | 𝑥 < 01.04.02 |
| hp | elitebook_x360_830_g6_firmware | 𝑥 < 01.04.02 |
| hp | probook_640_g5_firmware | 𝑥 < 01.04.02 |
| hp | probook_650_g5_firmware | 𝑥 < 01.04.02 |
| hp | zbook_14u_g6_mobile_workstation_firmware | 𝑥 < 01.04.02 |
| hp | zbook_15u_g6_mobile_workstation_firmware | 𝑥 < 01.04.02 |
| hp | zhan_x_13_g2_firmware | 𝑥 < 01.04.02 |
| hp | zbook_17u_g6_mobile_workstation_firmware | 𝑥 < 01.04.02 |

𝑥 = Vulnerable software versions