Privilege Escalation Vulnerability in HP PC System BIOS
CVE-2023-26300

7.8HIGH

Key Information:

Vendor: HP
Status: HP PC products
Vendor: CVE Published:; 18 October 2023

What is CVE-2023-26300?

A security vulnerability has been discovered in the system BIOS for specific HP PC products, which could potentially enable unauthorized users to escalate privileges. In response, HP is implementing firmware updates to address this issue and enhance product security. Users are advised to apply these updates promptly to safeguard their systems against potential exploitations.

Affected Version(s)

HP PC products See HP Security Bulletin reference for affected versions.

References

https://support.hp.com/us-en/document/ish_9461800-9461828-16

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2023
Vulnerability Reserved
Feb 21, 2023