TOCTOU Vulnerability in HP PC Products Using AMI UEFI Firmware
CVE-2023-26299

7HIGH

Key Information:

Vendor: HP
Status: HP Pc Products Using Ami Uefi Firmware
Vendor: CVE Published:; 30 June 2023

What is CVE-2023-26299?

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been found in various HP PC products using AMI UEFI Firmware. This flaw could allow an attacker to exploit the timing of checks in the system's operation, leading to the execution of arbitrary code. AMI has released updates aimed at addressing this vulnerability, emphasizing the importance of applying them to ensure system security.

Affected Version(s)

HP PC products using AMI UEFI Firmware See HP Security Bulletin reference for affected versions.

References

https://support.hp.com/us-en/document/ish_8642715-8642746...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2023
Vulnerability Reserved
Feb 21, 2023