Vulnerability-Lookup

BDU:2019-04870

Vulnerability from fstec - Published: 28.10.2019

Title

Description

Уязвимость компонента EFI_BOOT_SERVICES микропрограммного обеспечения настольных рабочих станций, персональных компьютеров и кассовых аппаратов компании Hewlett-Packard Development Company L.P существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии

Severity ?


                    
                      AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor

HP Inc.

Software Name

HP 260 G1 DM, HP 280 Pro G1 Microtower PC, HP 285 G2 Microtower Business PC, HP 340 G3 Notebook PC, HP 340 G4 Notebook PC, HP 346 G3 Notebook PC, HP 346 G4 Notebook PC, HP 348 G3 Notebook PC, HP Elite Slice, HP Elite x2 1011 G1 Tablet, HP EliteBook 1030 G1 Notebook, HP EliteBook 1040 G2 Notebook PC, HP EliteBook 720 G1 Notebook PC, HP EliteBook 720 G2 Notebook PC, HP EliteBook 740 G1 Notebook PC, HP EliteBook 740 G2 Notebook PC, HP EliteBook 750 G1 Notebook PC, HP EliteBook 750 G2 Notebook PC, HP EliteBook 820 G1 Notebook PC, HP EliteBook 820 G2 Notebook PC, HP EliteBook 820 G3 Notebook PC, HP EliteBook 828 G3 Notebook PC, HP EliteBook 840 G1 Notebook PC, HP EliteBook 840 G2 Notebook PC, HP EliteBook 840 G3 Notebook PC, HP EliteBook 848 G3 Notebook PC, HP EliteBook 850 G1 Notebook PC, HP EliteBook 850 G2 Notebook PC, HP EliteBook 850 G3 Notebook PC, HP EliteBook Folio 1020 G1 Notebook PC, HP EliteBook Folio 1020 G1 Special Edition Notebook PC, HP EliteBook Folio 1040 G1 Notebook PC, HP EliteBook Folio 1040 G3 Notebook PC, HP EliteBook Folio G1 Notebook PC, HP EliteBook Revolve 810 G2, HP EliteBook Revolve 810 G3, HP EliteDesk 800 G2 DM, HP EliteDesk 800 G2 SFF, HP EliteDesk 800 G2 TWR, HP EliteOne 800 G2 AiO PC, HP Elitepad 1000 G2, HP MP9 G2 Retail System, HP Pro Tablet 10 EE G1, HP Pro Tablet 608 G1, HP Pro Tablet 610 G1, HP Pro x2 612 G1 Tablet, HP ProBook 11 G1 Education Edition, HP ProBook 11 G2 Education Edition, HP ProBook 430 G1 Notebook PC, HP ProBook 440 G1 Notebook PC, HP ProBook 440 G2 Notebook PC, HP ProBook 440 G3 Notebook PC, HP ProBook 450 G1 Notebook PC, HP ProBook 450 G2 Notebook PC, HP ProBook 450 G3 Notebook PC, HP ProBook 470 G1 Notebook PC, HP ProBook 470 G2 Notebook PC, HP ProBook 470 G3 Notebook PC, HP ProBook 640 G1 Notebook PC, HP ProBook 640 G2 Notebook PC, HP ProBook 650 G1 Notebook PC, HP ProBook x360 11 G1 Education Edition, HP ProDesk 400 G1 DM, HP ProDesk 400 G2 DM, HP ProDesk 400 G2.5 SFF, HP ProDesk 400 G3 SFF, HP ProDesk 405/485 G2 MT, HP ProDesk 480 G3 SFF, HP ProDesk 490 G2 MT, HP ProDesk 490 G3 SFF, HP ProDesk 498 G2 MT, HP ProDesk 498 G3 SFF, HP ProDesk 600 G2 DM, HP ProDesk 600 G2 SFF, HP ProOne 400 G2 AiO PC, HP ProOne 600 G2 AiO PC, HP RP2 Retail System, HP RP9 G1 Retail System Model 9015 & 9018, HP ZBook 14 G2 Mobile Workstation, HP ZBook 14 Mobile Workstation, HP ZBook 15 G2 Mobile Workstation, HP ZBook 15 G3 Mobile Workstation, HP ZBook 15 Mobile Workstation, HP ZBook 15u G2 Mobile Workstation, HP ZBook 15u G3 Mobile Workstation, HP ZBook 17 G2 Mobile Workstation, HP ZBook 17 G3 Mobile Workstation, HP Z238 Microtower Workstation Linux, HP Z1 G3 Workstation, HP Z2 Mini G3 Workstation, HP Z238 Microtower Workstation, HP Z240 SFF Workstation, HP Z240 Tower Workstation

Software Version

до 2.27 (HP 260 G1 DM), до 80.3 (HP 280 Pro G1 Microtower PC), до A0.23 (HP 285 G2 Microtower Business PC), до F.48 (HP 340 G3 Notebook PC), HP 340 G4 Notebook PC (HP 340 G3 Notebook PC), до F.55 (HP 340 G4 Notebook PC), до F.48 (HP 346 G3 Notebook PC), до F.46 (HP 346 G4 Notebook PC), до F.48 (HP 348 G3 Notebook PC), до F.55 (HP 348 G3 Notebook PC), до 2.42 (HP Elite Slice), до 1.27 (HP Elite x2 1011 G1 Tablet), до 1.42 (HP Elite x2 1011 G1 Tablet), до 1.42 (HP EliteBook 1030 G1 Notebook), до 1.17 (HP EliteBook 1040 G2 Notebook PC), до 1.48 (HP EliteBook 720 G1 Notebook PC), до 1.29 (HP EliteBook 720 G2 Notebook PC), до 1.48 (HP EliteBook 740 G1 Notebook PC), до 1.29 (HP EliteBook 740 G2 Notebook PC), до 1.48 (HP EliteBook 750 G1 Notebook PC), до 1.29 (HP EliteBook 750 G2 Notebook PC), до 1.48 (HP EliteBook 820 G1 Notebook PC), до 1.29 (HP EliteBook 820 G2 Notebook PC), до 1.42 (HP EliteBook 820 G3 Notebook PC), до 1.42 (HP EliteBook 828 G3 Notebook PC), до 1.48 (HP EliteBook 840 G1 Notebook PC), до 1.29 (HP EliteBook 840 G2 Notebook PC), до 1.42 (HP EliteBook 840 G3 Notebook PC), до 1.42 (HP EliteBook 848 G3 Notebook PC), до 1.48 (HP EliteBook 850 G1 Notebook PC), до 1.29 (HP EliteBook 850 G2 Notebook PC), до 1.42 (HP EliteBook 850 G3 Notebook PC), до 1.24 (HP EliteBook Folio 1020 G1 Notebook PC), до 1.24 (HP EliteBook Folio 1020 G1 Special Edition Notebook PC), до 1.44 (HP EliteBook Folio 1040 G1 Notebook PC), до 1.42 (HP EliteBook Folio 1040 G3 Notebook PC), до 1.42 (HP EliteBook Folio G1 Notebook PC), до 1.45 (HP EliteBook Revolve 810 G2), до 1.2 (HP EliteBook Revolve 810 G3), до 2.42 (HP EliteDesk 800 G2 DM), до 2.42 (HP EliteDesk 800 G2 SFF), до 2.42 (HP EliteDesk 800 G2 TWR), до 2.42 (HP EliteOne 800 G2 AiO PC), до 1.48 (HP Elitepad 1000 G2), до 2.42 (HP MP9 G2 Retail System), до 1.31 (HP Pro Tablet 10 EE G1), до 1.21 (HP Pro Tablet 608 G1), до F.16 (HP Pro Tablet 610 G1), до 1.48 (HP Pro x2 612 G1 Tablet), до 1.17 (HP ProBook 11 G1 Education Edition), до 1.42 (HP ProBook 11 G2 Education Edition), до 1.49 (HP ProBook 430 G1 Notebook PC), до 1.52 (HP ProBook 430 G1 Notebook PC), до 1.49 (HP ProBook 440 G1 Notebook PC), до 1.52 (HP ProBook 440 G2 Notebook PC), до 1.42 (HP ProBook 440 G3 Notebook PC), до 1.49 (HP ProBook 450 G1 Notebook PC), до 1.52 (HP ProBook 450 G2 Notebook PC), до 1.42 (HP ProBook 450 G3 Notebook PC), до 1.49 (HP ProBook 470 G1 Notebook PC), до 1.52 (HP ProBook 470 G2 Notebook PC), до 1.42 (HP ProBook 470 G3 Notebook PC), до 1.49 (HP ProBook 640 G1 Notebook PC), до 1.42 (HP ProBook 640 G2 Notebook PC), до 1.49 (HP ProBook 650 G1 Notebook PC), до 1.42 (HP ProBook 650 G1 Notebook PC), до 1.3 (HP ProBook x360 11 G1 Education Edition), до 2.27 (HP ProDesk 400 G1 DM), до 2.42 (HP ProDesk 400 G2 DM), до 2.26 (HP ProDesk 400 G2.5 SFF), до 2.42 (HP ProDesk 400 G3 SFF), до 2.29 (HP ProDesk 405/485 G2 MT), до 2.42 (HP ProDesk 480 G3 SFF), до 2.31 (HP ProDesk 490 G2 MT), до 2.42 (HP ProDesk 490 G3 SFF), до 2.31 (HP ProDesk 498 G2 MT), до 2.42 (HP ProDesk 498 G3 SFF), до 2.42 (HP ProDesk 600 G2 DM), до 2.42 (HP ProDesk 600 G2 SFF), до 2.42 (HP ProOne 400 G2 AiO PC), до 2.42 (HP ProOne 600 G2 AiO PC), до 2.21 (HP RP2 Retail System), до 2.42 (HP RP9 G1 Retail System Model 9015 & 9018), до 1.29 (HP ZBook 14 G2 Mobile Workstation), до 1.48 (HP ZBook 14 Mobile Workstation), до 1.25 (HP ZBook 15 G2 Mobile Workstation), до 1.42 (HP ZBook 15 G3 Mobile Workstation), до 1.46 (HP ZBook 15 Mobile Workstation), до 1.29 (HP ZBook 15u G2 Mobile Workstation), до 1.42 (HP ZBook 15u G3 Mobile Workstation), до 1.25 (HP ZBook 17 G2 Mobile Workstation), до 1.42 (HP ZBook 17 G3 Mobile Workstation), до 1.77 (HP Z238 Microtower Workstation Linux), до 1.26 (HP Z1 G3 Workstation), до 1.77 (HP Z2 Mini G3 Workstation), до 1.77 (HP Z238 Microtower Workstation), до 1.77 (HP Z240 SFF Workstation), до 1.77 (HP Z240 Tower Workstation)

Possible Mitigations

Использование рекомендаций: https://support.hp.com/rs-en/document/c06456250

Reference

https://support.hp.com/us-en/document/c06456250 https://nvd.nist.gov/vuln/detail/CVE-2019-16284

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "HP Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 2.27 (HP 260 G1 DM), \u0434\u043e 80.3 (HP 280 Pro G1 Microtower PC), \u0434\u043e A0.23 (HP 285 G2 Microtower Business PC), \u0434\u043e F.48 (HP 340 G3 Notebook PC), HP 340 G4 Notebook PC (HP 340 G3 Notebook PC), \u0434\u043e F.55 (HP 340 G4 Notebook PC), \u0434\u043e F.48 (HP 346 G3 Notebook PC), \u0434\u043e F.46 (HP 346 G4 Notebook PC), \u0434\u043e F.48 (HP 348 G3 Notebook PC), \u0434\u043e F.55 (HP 348 G3 Notebook PC), \u0434\u043e 2.42 (HP Elite Slice), \u0434\u043e 1.27 (HP Elite x2 1011 G1 Tablet), \u0434\u043e 1.42 (HP Elite x2 1011 G1 Tablet), \u0434\u043e 1.42 (HP EliteBook 1030 G1 Notebook), \u0434\u043e 1.17 (HP EliteBook 1040 G2 Notebook PC), \u0434\u043e 1.48 (HP EliteBook 720 G1 Notebook PC), \u0434\u043e 1.29 (HP EliteBook 720 G2 Notebook PC), \u0434\u043e 1.48 (HP EliteBook 740 G1 Notebook PC), \u0434\u043e 1.29 (HP EliteBook 740 G2 Notebook PC), \u0434\u043e 1.48 (HP EliteBook 750 G1 Notebook PC), \u0434\u043e 1.29 (HP EliteBook 750 G2 Notebook PC), \u0434\u043e 1.48 (HP EliteBook 820 G1 Notebook PC), \u0434\u043e 1.29 (HP EliteBook 820 G2 Notebook PC), \u0434\u043e 1.42 (HP EliteBook 820 G3 Notebook PC), \u0434\u043e 1.42 (HP EliteBook 828 G3 Notebook PC), \u0434\u043e 1.48 (HP EliteBook 840 G1 Notebook PC), \u0434\u043e 1.29 (HP EliteBook 840 G2 Notebook PC), \u0434\u043e 1.42 (HP EliteBook 840 G3 Notebook PC), \u0434\u043e 1.42 (HP EliteBook 848 G3 Notebook PC), \u0434\u043e 1.48 (HP EliteBook 850 G1 Notebook PC), \u0434\u043e 1.29 (HP EliteBook 850 G2 Notebook PC), \u0434\u043e 1.42 (HP EliteBook 850 G3 Notebook PC), \u0434\u043e 1.24 (HP EliteBook Folio 1020 G1 Notebook PC), \u0434\u043e 1.24 (HP EliteBook Folio 1020 G1 Special Edition Notebook PC), \u0434\u043e 1.44 (HP EliteBook Folio 1040 G1 Notebook PC), \u0434\u043e 1.42 (HP EliteBook Folio 1040 G3 Notebook PC), \u0434\u043e 1.42 (HP EliteBook Folio G1 Notebook PC), \u0434\u043e 1.45 (HP EliteBook Revolve 810 G2), \u0434\u043e 1.2 (HP EliteBook Revolve 810 G3), \u0434\u043e 2.42 (HP EliteDesk 800 G2 DM), \u0434\u043e 2.42 (HP EliteDesk 800 G2 SFF), \u0434\u043e 2.42 (HP EliteDesk 800 G2 TWR), \u0434\u043e 2.42 (HP EliteOne 800 G2 AiO PC), \u0434\u043e 1.48 (HP Elitepad 1000 G2), \u0434\u043e 2.42 (HP MP9 G2 Retail System), \u0434\u043e 1.31 (HP Pro Tablet 10 EE G1), \u0434\u043e 1.21 (HP Pro Tablet 608 G1), \u0434\u043e F.16 (HP Pro Tablet 610 G1), \u0434\u043e 1.48 (HP Pro x2 612 G1 Tablet), \u0434\u043e 1.17 (HP ProBook 11 G1 Education Edition), \u0434\u043e 1.42 (HP ProBook 11 G2 Education Edition), \u0434\u043e 1.49 (HP ProBook 430 G1 Notebook PC), \u0434\u043e 1.52 (HP ProBook 430 G1 Notebook PC), \u0434\u043e 1.49 (HP ProBook 440 G1 Notebook PC), \u0434\u043e 1.52 (HP ProBook 440 G2 Notebook PC), \u0434\u043e 1.42 (HP ProBook 440 G3 Notebook PC), \u0434\u043e 1.49 (HP ProBook 450 G1 Notebook PC), \u0434\u043e 1.52 (HP ProBook 450 G2 Notebook PC), \u0434\u043e 1.42 (HP ProBook 450 G3 Notebook PC), \u0434\u043e 1.49 (HP ProBook 470 G1 Notebook PC), \u0434\u043e 1.52 (HP ProBook 470 G2 Notebook PC), \u0434\u043e 1.42 (HP ProBook 470 G3 Notebook PC), \u0434\u043e 1.49 (HP ProBook 640 G1 Notebook PC), \u0434\u043e 1.42 (HP ProBook 640 G2 Notebook PC), \u0434\u043e 1.49 (HP ProBook 650 G1 Notebook PC), \u0434\u043e 1.42 (HP ProBook 650 G1 Notebook PC), \u0434\u043e 1.3 (HP ProBook x360 11 G1 Education Edition), \u0434\u043e 2.27 (HP ProDesk 400 G1 DM), \u0434\u043e 2.42 (HP ProDesk 400 G2 DM), \u0434\u043e 2.26 (HP ProDesk 400 G2.5 SFF), \u0434\u043e 2.42 (HP ProDesk 400 G3 SFF), \u0434\u043e 2.29 (HP ProDesk 405/485 G2 MT), \u0434\u043e 2.42 (HP ProDesk 480 G3 SFF), \u0434\u043e 2.31 (HP ProDesk 490 G2 MT), \u0434\u043e 2.42 (HP ProDesk 490 G3 SFF), \u0434\u043e 2.31 (HP ProDesk 498 G2 MT), \u0434\u043e 2.42 (HP ProDesk 498 G3 SFF), \u0434\u043e 2.42 (HP ProDesk 600 G2 DM), \u0434\u043e 2.42 (HP ProDesk 600 G2 SFF), \u0434\u043e 2.42 (HP ProOne 400 G2 AiO PC), \u0434\u043e 2.42 (HP ProOne 600 G2 AiO PC), \u0434\u043e 2.21 (HP RP2 Retail System), \u0434\u043e 2.42 (HP RP9 G1 Retail System Model 9015 \u0026 9018), \u0434\u043e 1.29 (HP ZBook 14 G2 Mobile Workstation), \u0434\u043e 1.48 (HP ZBook 14 Mobile Workstation), \u0434\u043e 1.25 (HP ZBook 15 G2 Mobile Workstation), \u0434\u043e 1.42 (HP ZBook 15 G3 Mobile Workstation), \u0434\u043e 1.46 (HP ZBook 15 Mobile Workstation), \u0434\u043e 1.29 (HP ZBook 15u G2 Mobile Workstation), \u0434\u043e 1.42 (HP ZBook 15u G3 Mobile Workstation), \u0434\u043e 1.25 (HP ZBook 17 G2 Mobile Workstation), \u0434\u043e 1.42 (HP ZBook 17 G3 Mobile Workstation), \u0434\u043e 1.77 (HP Z238 Microtower Workstation Linux), \u0434\u043e 1.26 (HP Z1 G3 Workstation), \u0434\u043e 1.77 (HP Z2 Mini G3 Workstation), \u0434\u043e 1.77 (HP Z238 Microtower Workstation), \u0434\u043e 1.77 (HP Z240 SFF Workstation), \u0434\u043e 1.77 (HP Z240 Tower Workstation)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://support.hp.com/rs-en/document/c06456250",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.10.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.12.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.12.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04870",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-16284",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "HP 260 G1 DM, HP 280 Pro G1 Microtower PC, HP 285 G2 Microtower Business PC, HP 340 G3 Notebook PC, HP 340 G4 Notebook PC, HP 346 G3 Notebook PC, HP 346 G4 Notebook PC, HP 348 G3 Notebook PC, HP Elite Slice, HP Elite x2 1011 G1 Tablet, HP EliteBook 1030 G1 Notebook, HP EliteBook 1040 G2 Notebook PC, HP EliteBook 720 G1 Notebook PC, HP EliteBook 720 G2 Notebook PC, HP EliteBook 740 G1 Notebook PC, HP EliteBook 740 G2 Notebook PC, HP EliteBook 750 G1 Notebook PC, HP EliteBook 750 G2 Notebook PC, HP EliteBook 820 G1 Notebook PC, HP EliteBook 820 G2 Notebook PC, HP EliteBook 820 G3 Notebook PC, HP EliteBook 828 G3 Notebook PC, HP EliteBook 840 G1 Notebook PC, HP EliteBook 840 G2 Notebook PC, HP EliteBook 840 G3 Notebook PC, HP EliteBook 848 G3 Notebook PC, HP EliteBook 850 G1 Notebook PC, HP EliteBook 850 G2 Notebook PC, HP EliteBook 850 G3 Notebook PC, HP EliteBook Folio 1020 G1 Notebook PC, HP EliteBook Folio 1020 G1 Special Edition Notebook PC, HP EliteBook Folio 1040 G1 Notebook PC, HP EliteBook Folio 1040 G3 Notebook PC, HP EliteBook Folio G1 Notebook PC, HP EliteBook Revolve 810 G2, HP EliteBook Revolve 810 G3, HP EliteDesk 800 G2 DM, HP EliteDesk 800 G2 SFF, HP EliteDesk 800 G2 TWR, HP EliteOne 800 G2 AiO PC, HP Elitepad 1000 G2, HP MP9 G2 Retail System, HP Pro Tablet 10 EE G1, HP Pro Tablet 608 G1, HP Pro Tablet 610 G1, HP Pro x2 612 G1 Tablet, HP ProBook 11 G1 Education Edition, HP ProBook 11 G2 Education Edition, HP ProBook 430 G1 Notebook PC, HP ProBook 440 G1 Notebook PC, HP ProBook 440 G2 Notebook PC, HP ProBook 440 G3 Notebook PC, HP ProBook 450 G1 Notebook PC, HP ProBook 450 G2 Notebook PC, HP ProBook 450 G3 Notebook PC, HP ProBook 470 G1 Notebook PC, HP ProBook 470 G2 Notebook PC, HP ProBook 470 G3 Notebook PC, HP ProBook 640 G1 Notebook PC, HP ProBook 640 G2 Notebook PC, HP ProBook 650 G1 Notebook PC, HP ProBook x360 11 G1 Education Edition, HP ProDesk 400 G1 DM, HP ProDesk 400 G2 DM, HP ProDesk 400 G2.5 SFF, HP ProDesk 400 G3 SFF, HP ProDesk 405/485 G2 MT, HP ProDesk 480 G3 SFF, HP ProDesk 490 G2 MT, HP ProDesk 490 G3 SFF, HP ProDesk 498 G2 MT, HP ProDesk 498 G3 SFF, HP ProDesk 600 G2 DM, HP ProDesk 600 G2 SFF, HP ProOne 400 G2 AiO PC, HP ProOne 600 G2 AiO PC, HP RP2 Retail System, HP RP9 G1 Retail System Model 9015 \u0026 9018, HP ZBook 14 G2 Mobile Workstation, HP ZBook 14 Mobile Workstation, HP ZBook 15 G2 Mobile Workstation, HP ZBook 15 G3 Mobile Workstation, HP ZBook 15 Mobile Workstation, HP ZBook 15u G2 Mobile Workstation, HP ZBook 15u G3 Mobile Workstation, HP ZBook 17 G2 Mobile Workstation, HP ZBook 17 G3 Mobile Workstation, HP Z238 Microtower Workstation Linux, HP Z1 G3 Workstation, HP Z2 Mini G3 Workstation, HP Z238 Microtower Workstation, HP Z240 SFF Workstation, HP Z240 Tower Workstation",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 EFI_BOOT_SERVICES \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439, \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 \u0438 \u043a\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043e\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Hewlett-Packard Development Company L.P, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 EFI_BOOT_SERVICES \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043d\u0430\u0441\u0442\u043e\u043b\u044c\u043d\u044b\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439, \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043e\u0432 \u0438 \u043a\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043e\u0432 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Hewlett-Packard Development Company L.P \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://support.hp.com/us-en/document/c06456250\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16284",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)"
}

CVE-2019-16284 (GCVE-0-2019-16284)

Vulnerability from cvelistv5 – Published: 2019-11-05 20:16 – Updated: 2024-08-05 01:10

Summary

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.

Severity ?

No CVSS data available.

CWE

Elevation of privilege

Assigner

References

URL

	Vendor	Product	Version
	HP Inc.	Multiple - See https://support.hp.com/rs-en/document/c06456250	Affected: Multiple - See https://support.hp.com/rs-en/document/c06456250

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-04870

CVE-2019-16284 (GCVE-0-2019-16284)

Tags

Sightings

Nomenclature