Vulnerability Description
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions is available at https://support.hp.com/rs-en/document/c06456250.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | 260 G1 Dm Firmware | < 2.27 |
| HP | 260 G1 Dm | - |
| HP | 280 Pro G1 Firmware | < 80.3 |
| HP | 280 Pro G1 | - |
| HP | 285 G2 Firmware | < a0.23 |
| HP | 285 G2 | - |
| HP | 340 G3 Firmware | < f.48 |
| HP | 340 G3 | - |
| HP | 340 G4 Firmware | < f.55 |
| HP | 340 G4 | - |
| HP | 346 G3 Firmware | < f.48 |
| HP | 346 G3 | - |
| HP | 346 G4 Firmware | < f.46 |
| HP | 346 G4 | - |
| HP | 348 G3 Firmware | < f.48 |
| HP | 348 G3 | - |
| HP | 348 G4 Firmware | < f.55 |
| HP | 348 G4 | - |
| HP | Elite Slice Firmware | < 2.42 |
| HP | Elite Slice | - |
References
- https://support.hp.com/rs-en/document/c06456250 (Vendor Advisory)
FAQ
What is CVE-2019-16284?
CVE-2019-16284 is a vulnerability with a CVSS score of 7.2 (HIGH). A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of pri...
How severe is CVE-2019-16284?
CVE-2019-16284 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-16284?
Check the references section above for vendor advisories and patch information. Affected products include: HP 260 G1 Dm Firmware, HP 260 G1 Dm, HP 280 Pro G1 Firmware, HP 280 Pro G1, HP 285 G2 Firmware.