CVE-2019-6321

7.2HIGH

Key Information:

Vendor: HP
Status: HP Z4 G4 Workstation (xeon W); HP Z4 G4 Workstation (xeon W) (linux); HP Z4 G4 Core-x Workstation; HP Z4 G4 Core-x Workstation (linux)
Vendor: CVE Published:; 29 May 2019

Summary

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.

Affected Version(s)

HP Z4 G4 Core-X Workstation before 1.70

HP Z4 G4 Core-X Workstation (Linux) before 1.70

HP Z4 G4 Workstation (Xeon W) before 1.70

References

https://support.hp.com/us-en/document/c06318199

vendor-advisoryx_refsource_HP

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 29, 2019
Vulnerability Reserved
Jan 15, 2019