Security Flaw in HP Workstation BIOS UEFI Firmware
CVE-2019-6321

7.2HIGH

Key Information:

Vendor: HP
Status: HP Z4 G4 Workstation (xeon W); HP Z4 G4 Workstation (xeon W) (linux); HP Z4 G4 Core-x Workstation; HP Z4 G4 Core-x Workstation (linux)
Vendor: CVE Published:; 29 May 2019

Summary

HP has detected a security vulnerability in certain HP Workstation BIOS (UEFI Firmware) versions. This flaw enables potential tampering with runtime BIOS code if the Trusted Platform Module (TPM) is disabled. Workstations with TPM disabled by default may be particularly susceptible to this issue, making it essential for users to apply recommended updates to mitigate the risk.

Affected Version(s)

HP Z4 G4 Core-X Workstation before 1.70

HP Z4 G4 Core-X Workstation (Linux) before 1.70

HP Z4 G4 Workstation (Xeon W) before 1.70

References

https://support.hp.com/us-en/document/c06318199

vendor-advisoryx_refsource_HP

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 29, 2019
Vulnerability Reserved
Jan 15, 2019