CVE-2023-6138

EUVD-2023-58392
A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.9 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CISA-ADPADP
7.9 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
hpz440_workstation_firmware
𝑥
< 2.62
hpz640_workstation_firmware
𝑥
< 2.62
hpz840_workstation_firmware
𝑥
< 2.62
𝑥
= Vulnerable software versions
References
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915