Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for elitebook_850_g1_firmware by hp

    CVE-2015-0949 (GCVE-0-2015-0949)

    Vulnerability from nvd – Published: 2020-01-30 20:45 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/631788 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Dell Latitude E6430 Affected: BIOS Revision A09
    Create a notification for this product.
    HP EliteBook 850 G1 Affected: BIOS revision L71 Ver. 01.09
    Create a notification for this product.
    Date Public
    2015-03-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/631788"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Latitude E6430",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIOS Revision A09"
                }
              ]
            },
            {
              "product": "EliteBook 850 G1",
              "vendor": "HP",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIOS revision L71 Ver. 01.09"
                }
              ]
            }
          ],
          "datePublic": "2015-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-30T20:45:19.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.kb.cert.org/vuls/id/631788"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-0949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Latitude E6430",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIOS Revision A09"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EliteBook 850 G1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIOS revision L71 Ver. 01.09"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.kb.cert.org/vuls/id/631788",
                  "refsource": "MISC",
                  "url": "http://www.kb.cert.org/vuls/id/631788"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-0949",
        "datePublished": "2020-01-30T20:45:19.000Z",
        "dateReserved": "2015-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16284 (GCVE-0-2019-16284)

    Vulnerability from nvd – Published: 2019-11-05 20:16 – Updated: 2024-08-05 01:10
    VLAI
    Summary
    A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.
    Severity
    No CVSS data available.
    CWE
    • Elevation of privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    HP Inc. Multiple - See https://support.hp.com/rs-en/document/c06456250 Affected: Multiple - See https://support.hp.com/rs-en/document/c06456250
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:10:41.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/rs-en/document/c06456250"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple - See https://support.hp.com/rs-en/document/c06456250",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Multiple - See https://support.hp.com/rs-en/document/c06456250"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T20:16:57.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hp.com/rs-en/document/c06456250"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2019-16284",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Multiple - See https://support.hp.com/rs-en/document/c06456250",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Multiple - See https://support.hp.com/rs-en/document/c06456250"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HP Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/rs-en/document/c06456250",
                  "refsource": "CONFIRM",
                  "url": "https://support.hp.com/rs-en/document/c06456250"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2019-16284",
        "datePublished": "2019-11-05T20:16:57.000Z",
        "dateReserved": "2019-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:10:41.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0949 (GCVE-0-2015-0949)

    Vulnerability from cvelistv5 – Published: 2020-01-30 20:45 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/631788 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Dell Latitude E6430 Affected: BIOS Revision A09
    Create a notification for this product.
    HP EliteBook 850 G1 Affected: BIOS revision L71 Ver. 01.09
    Create a notification for this product.
    Date Public
    2015-03-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.454Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/631788"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Latitude E6430",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIOS Revision A09"
                }
              ]
            },
            {
              "product": "EliteBook 850 G1",
              "vendor": "HP",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIOS revision L71 Ver. 01.09"
                }
              ]
            }
          ],
          "datePublic": "2015-03-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-30T20:45:19.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.kb.cert.org/vuls/id/631788"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-0949",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Latitude E6430",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIOS Revision A09"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EliteBook 850 G1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BIOS revision L71 Ver. 01.09"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.kb.cert.org/vuls/id/631788",
                  "refsource": "MISC",
                  "url": "http://www.kb.cert.org/vuls/id/631788"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-0949",
        "datePublished": "2020-01-30T20:45:19.000Z",
        "dateReserved": "2015-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-16284 (GCVE-0-2019-16284)

    Vulnerability from cvelistv5 – Published: 2019-11-05 20:16 – Updated: 2024-08-05 01:10
    VLAI
    Summary
    A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.
    Severity
    No CVSS data available.
    CWE
    • Elevation of privilege
    Assigner
    hp
    References
    Impacted products
    Vendor Product Version
    HP Inc. Multiple - See https://support.hp.com/rs-en/document/c06456250 Affected: Multiple - See https://support.hp.com/rs-en/document/c06456250
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:10:41.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hp.com/rs-en/document/c06456250"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple - See https://support.hp.com/rs-en/document/c06456250",
              "vendor": "HP Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Multiple - See https://support.hp.com/rs-en/document/c06456250"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T20:16:57.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hp.com/rs-en/document/c06456250"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2019-16284",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Multiple - See https://support.hp.com/rs-en/document/c06456250",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Multiple - See https://support.hp.com/rs-en/document/c06456250"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HP Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hp.com/rs-en/document/c06456250",
                  "refsource": "CONFIRM",
                  "url": "https://support.hp.com/rs-en/document/c06456250"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2019-16284",
        "datePublished": "2019-11-05T20:16:57.000Z",
        "dateReserved": "2019-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:10:41.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }