Vulnerability Description
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | 260 G4 Desktop Mini Firmware | < 2.14 |
| HP | 260 G4 Desktop Mini | - |
| HP | T430 Firmware | < 00.01.11 |
| HP | T430 | - |
| HP | T628 Firmware | < 00.01.10 |
| HP | T628 | - |
| HP | 240 G10 Firmware | < f.04 |
| HP | 240 G10 | - |
| HP | 245 G6 Firmware | < f.35 |
| HP | 245 G6 | - |
| HP | 245 G7 Firmware | < f.69 |
| HP | 245 G7 | - |
| HP | 245 G8 Firmware | < f.25 |
| HP | 245 G8 | - |
| HP | 247 G8 Firmware | < f.69 |
| HP | 247 G8 | - |
| HP | 250 G10 Firmware | < f.05 |
| HP | 250 G10 | - |
| HP | 255 G10 Firmware | < f.08 |
| HP | 255 G10 | - |
Related Weaknesses (CWE)
References
- https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850 (Patch, Vendor Advisory)
FAQ
What is CVE-2023-26299?
CVE-2023-26299 is a vulnerability with a CVSS score of 7.0 (HIGH). A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has...
How severe is CVE-2023-26299?
CVE-2023-26299 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-26299?
Check the references section above for vendor advisories and patch information. Affected products include: HP 260 G4 Desktop Mini Firmware, HP 260 G4 Desktop Mini, HP T430 Firmware, HP T430, HP T628 Firmware.