CVE-2023-6138

A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.9 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
hpCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.9 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
hpz440_workstation_firmware
𝑥
< 2.62
hpz640_workstation_firmware
𝑥
< 2.62
hpz840_workstation_firmware
𝑥
< 2.62
𝑥
= Vulnerable software versions
References
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915