CVE-2021-3661

moderate-risk
Published 2022-12-12

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

Do I need to act?

-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10 High
LOCAL / LOW complexity

Affected Products (20)

Z1 All-In-One G3 Firmware
Z2 Mini G3 Firmware
Z2 Mini G4 Firmware
Z2 Mini G5 Firmware
Z2 Small Form Factor G4 Firmware
Z2 Small Form Factor G5 Firmware
Z2 Small Form Factor G8 Firmware
Z2 Tower G4 Firmware
Z2 Tower G5 Firmware
Z2 Tower G8 Firmware
Z238 Microtower Firmware
Z240 Small Form Factor Firmware
Z240 Tower Firmware
Z4 G4 Firmware
Z440 Firmware
Z6 G4 Firmware
Z640 Firmware
Z8 G4 Firmware
Z840 Firmware
Zcentral 4R Firmware

Affected Vendors

Hp

References (2)

Vendor Advisory https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770
Vendor Advisory https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770
47
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate