CVE-2019-18913 — MEDIUM (6.8)

Q: How severe is CVE-2019-18913?

CVE-2019-18913 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-18913?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Elitedesk 800 G5 Dm Firmware, Hp Elitedesk 800 G5 Dm, Hp Elitedesk 800 G5 Sff Firmware, Hp Elitedesk 800 G5 Sff, Hp Elitedesk 800 G5 Twr Firmware.

Vulnerability Description

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Elitedesk 800 G5 Dm Firmware	< 02.04.02
Hp	Elitedesk 800 G5 Dm	-
Hp	Elitedesk 800 G5 Sff Firmware	< 02.04.02
Hp	Elitedesk 800 G5 Sff	-
Hp	Elitedesk 800 G5 Twr Firmware	< 02.04.02
Hp	Elitedesk 800 G5 Twr	-
Hp	Eliteone 800 G5 Aio Firmware	< 02.04.02
Hp	Eliteone 800 G5 Aio	-
Hp	Prodesk 400 G5 Dm Firmware	< 02.04.01
Hp	Prodesk 400 G5 Dm	-
Hp	Prodesk 400 G6 Mt Firmware	< 02.04.01
Hp	Prodesk 400 G6 Mt	-
Hp	Prodesk 400 G6 Sff Firmware	< 02.04.02
Hp	Prodesk 400 G6 Sff	-
Hp	Prodesk 480 G6 Mt Firmware	< 02.04.01
Hp	Prodesk 480 G6 Mt	-
Hp	Prodesk 600 G5 Dm Firmware	< 02.04.01
Hp	Prodesk 600 G5 Dm	-
Hp	Prodesk 600 G5 Mt Firmware	< 02.04.01
Hp	Prodesk 600 G5 Mt	-

References

https://support.hp.com/us-en/document/c06549501PatchVendor Advisory
https://support.hp.com/us-en/document/c06549501PatchVendor Advisory

FAQ

What is CVE-2019-18913?

CVE-2019-18913 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots...

How severe is CVE-2019-18913?

CVE-2019-18913 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18913?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Elitedesk 800 G5 Dm Firmware, Hp Elitedesk 800 G5 Dm, Hp Elitedesk 800 G5 Sff Firmware, Hp Elitedesk 800 G5 Sff, Hp Elitedesk 800 G5 Twr Firmware.