CVE-2019-18913

6.8MEDIUM

Key Information:

Vendor: HP
Status: HP Intel-based Business Pcs That Support Microsoft Windows 10 Kernel Dma Protection.
Vendor: CVE Published:; 31 January 2020

Summary

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

Affected Version(s)

HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Depends on platform. Prior to 01.04.02

HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. or prior to 02.04.01

HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. or prior to 02.04.02.

References

https://support.hp.com/us-en/document/c06549501

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2020
Vulnerability Reserved
Nov 12, 2019