CVE-2023-26299
7HIGH
Key Information
- Vendor
- HP
- Status
- HP PC products using AMI UEFI Firmware
- Vendor
- CVE Published:
- 30 June 2023
Summary
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.
Affected Version(s)
HP PC products using AMI UEFI Firmware = See HP Security Bulletin reference for affected versions.
CVSS V3.1
Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database