CVE-2021-39300

high-risk
Published 2022-02-16

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Prodesk 680 G4 Microtower Pc\(With Pci Slot\) Firmware
Prodesk 680 G6 Pci Microtower Pc Firmware
Proone 400 G4 20-Inch Non-Touch All-In-One Business Pc Firmware
Proone 400 G4 23.8-Inch Non-Touch All-In-One Business Pc Firmware
Proone 400 G5 20-Inch All-In-One Business Pc Firmware
Proone 400 G5 23.8-Inch All-In-One Business Pc Firmware
Proone 400 G6 20 All-In-One Pc Firmware
Proone 400 G6 24 All-In-One Pc Firmware
Proone 440 G4 23.8-Inch Non-Touch All-In-One Business Pc Firmware
Proone 440 G5 23.8-In All-In-One Business Pc Firmware
Proone 440 G6 24 All-In-One Pc Firmware
Proone 600 G4 21.5-Inch Touch All-In-One Business Pc Firmware
Proone 600 G5 21.5-In All-In-One Business Pc Firmware
Proone 600 G6 22 All-In-One Pc Firmware
Zhan 66 Pro G3 22 All-In-One Pc Firmware
Zhan 66 Pro G3 24 All-In-One Pc Firmware
Z1 Entry Tower G5 Workstation Firmware
Z1 Entry Tower G6 Workstation Firmware
Z1 G8 Tower Desktop Pc Firmware
Z4 G4 Workstation \(Core-X\) Firmware

Affected Vendors

Hp

References (2)

Patch https://support.hp.com/us-en/document/ish_5661066-5661090-16
Patch https://support.hp.com/us-en/document/ish_5661066-5661090-16
60
/ 100
high-risk
Severity 27/34 · High
Exploitability 0/34 · Minimal
Exposure 33/34 · Critical