CVE-2021-39297 — HIGH (8.8)

Q: What is CVE-2021-39297?

CVE-2021-39297 is a vulnerability with a CVSS score of 8.8 (HIGH). Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

Q: How severe is CVE-2021-39297?

CVE-2021-39297 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-39297?

Check the references section above for vendor advisories and patch information. Affected products include: Hp 260 G3 Desktop Mini Pc Firmware, Hp 260 G3 Desktop Mini Pc, Hp Elitedesk 800 35W G4 Desktop Mini Pc Firmware, Hp Elitedesk 800 35W G4 Desktop Mini Pc, Hp Elitedesk 800 65W G4 Desktop Mini Pc Firmware.

Vulnerability Description

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	260 G3 Desktop Mini Pc Firmware	<= 2.17.00
Hp	260 G3 Desktop Mini Pc	-
Hp	Elitedesk 800 35W G4 Desktop Mini Pc Firmware	<= 2.18.00
Hp	Elitedesk 800 35W G4 Desktop Mini Pc	-
Hp	Elitedesk 800 65W G4 Desktop Mini Pc Firmware	<= 2.18.00
Hp	Elitedesk 800 65W G4 Desktop Mini Pc	-
Hp	Elitedesk 800 95W G4 Desktop Mini Pc Firmware	<= 2.18.00
Hp	Elitedesk 800 95W G4 Desktop Mini Pc	-
Hp	Elitedesk 800 G4 Small Form Factor Pc Firmware	<= 2.18.00
Hp	Elitedesk 800 G4 Small Form Factor Pc	-
Hp	Elitedesk 800 G4 Tower Pc Firmware	<= 2.18.00
Hp	Elitedesk 800 G4 Tower Pc	-
Hp	Elitedesk 800 G4 Workstation Edition Firmware	<= 2.18.00
Hp	Elitedesk 800 G4 Workstation Edition	-
Hp	Elitedesk 800 G5 Desktop Mini Pc Firmware	<= 2.12.00
Hp	Elitedesk 800 G5 Desktop Mini Pc	-
Hp	Elitedesk 800 G5 Small Form Factor Pc Firmware	<= 2.12.00
Hp	Elitedesk 800 G5 Small Form Factor Pc	-
Hp	Elitedesk 800 G5 Tower Pc Firmware	<= 2.12.00
Hp	Elitedesk 800 G5 Tower Pc	-

References

https://support.hp.com/us-en/document/ish_5661066-5661090-16PatchVendor Advisory
https://support.hp.com/us-en/document/ish_5661066-5661090-16PatchVendor Advisory

FAQ

What is CVE-2021-39297?

CVE-2021-39297 is a vulnerability with a CVSS score of 8.8 (HIGH). Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

How severe is CVE-2021-39297?

CVE-2021-39297 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39297?

Check the references section above for vendor advisories and patch information. Affected products include: Hp 260 G3 Desktop Mini Pc Firmware, Hp 260 G3 Desktop Mini Pc, Hp Elitedesk 800 35W G4 Desktop Mini Pc Firmware, Hp Elitedesk 800 35W G4 Desktop Mini Pc, Hp Elitedesk 800 65W G4 Desktop Mini Pc Firmware.