CVE-2021-3439

high-risk

Published 2023-02-01

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

340 G3 Firmware

340 G4 Firmware

346 G3 Firmware

346 G4 Firmware

348 G3 Firmware

348 G4 Firmware

Elite Dragonfly Firmware

Elite Dragonfly G2 Firmware

Elite Dragonfly Max Firmware

Elite X2 1012 G1 Firmware

Elite X2 1012 G1 Tablet Firmware

Elite X2 1012 G2 Firmware

Elite X2 1013 G3 Firmware

Elite X2 G4 Firmware

Elitebook 1030 G1 Firmware

Elitebook 1040 G3 Firmware

Elitebook 1040 G4 Firmware

Elitebook 1050 G1 Firmware

Elitebook 820 G3 Firmware

Elitebook 820 G4 Firmware

Affected Vendors

References (2)

Patch https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 33/34 · Critical