CVE-2023-26299

Risk rating: moderate-risk
Published: 2023-06-30

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

In firmware, this class of bug typically arises when a privileged handler validates data held in memory that less-privileged code (or a device) can still modify, and then reads that memory again when acting on it, so the value used may no longer be the value that was checked. The advisory text does not identify the affected handler or interface.
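The following is an added illustration of the TOCTOU (double-fetch) pattern the advisory refers to, written for this page; it is not AMI's or HP's code and does not reproduce the CVE-2023-26299 code path. The request layout, the 16-byte limit, the handler names and the simulated attacker are all assumptions chosen to make the race observable in a single-threaded program. The vulnerable handler reads the attacker-controlled length twice, once to check it and once to copy; the hardened handler reads it once into private memory and uses only that copy.

```c
/* Added illustration of the TOCTOU (double-fetch) class in a privileged
 * firmware handler. Not AMI's or HP's code; layout and names are assumed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Request that lower-privileged code hands to a privileged handler. The
 * handler reads it in place, so the owner can still change it at any time;
 * 'volatile' models that (assumed layout, not a real firmware protocol). */
typedef struct {
    volatile uint32_t len;   /* caller-declared payload length */
    uint8_t data[64];        /* caller-supplied payload */
} shared_req_t;

#define OUT_LIMIT 16u        /* bytes the handler may legitimately copy */

/* Hook that stands in for a concurrent writer modifying the request
 * between the handler's check and its use. */
typedef void (*race_hook_t)(shared_req_t *req);

/* Vulnerable pattern: the bounds check and the copy each read req->len from
 * shared memory (two fetches), so a change in between defeats the check. */
int handler_double_fetch(shared_req_t *req, uint8_t *out, size_t out_sz, race_hook_t race)
{
    if (req->len > OUT_LIMIT || req->len > out_sz)   /* time of check */
        return -1;
    if (race)
        race(req);                                   /* attacker's window */
    memcpy(out, req->data, req->len);                /* time of use: second fetch */
    return (int)req->len;
}

/* Hardened pattern: fetch the untrusted field once into private memory,
 * validate that private copy, and use only that copy afterwards. */
int handler_single_fetch(shared_req_t *req, uint8_t *out, size_t out_sz, race_hook_t race)
{
    uint32_t len = req->len;                         /* single fetch */
    if (len > OUT_LIMIT || len > out_sz)
        return -1;
    if (race)
        race(req);                                   /* change is now irrelevant */
    memcpy(out, req->data, len);
    return (int)len;
}

/* Simulated attacker: grows the declared length after it has been checked.
 * 32 still fits inside data[], so the simulation itself stays memory-safe. */
static void attacker_grows_len(shared_req_t *req)
{
    req->len = 32;
}

/* Constructed request: 'len' declared bytes, payload filled with 0x41. */
static shared_req_t make_request(uint32_t len)
{
    shared_req_t req;
    memset(&req, 0, sizeof req);
    req.len = len;
    memset(req.data, 0x41, sizeof req.data);
    return req;
}

/* Counts bytes the handler wrote past the limit it was given. out[] is
 * physically larger than the limit so the overrun can be observed safely. */
static size_t bytes_past_limit(const uint8_t *out, size_t limit, size_t phys)
{
    size_t n = 0;
    for (size_t i = limit; i < phys; i++)
        if (out[i] != 0)
            n++;
    return n;
}

/* Runs one handler on an 8-byte request, optionally under the simulated race,
 * and returns how many bytes landed past OUT_LIMIT: 0 means the bounds check
 * held, non-zero means it was bypassed. */
size_t overflow_count(int (*handler)(shared_req_t *, uint8_t *, size_t, race_hook_t),
                      race_hook_t race)
{
    shared_req_t req = make_request(8);
    uint8_t out[64];
    memset(out, 0, sizeof out);
    handler(&req, out, OUT_LIMIT, race);
    return bytes_past_limit(out, OUT_LIMIT, sizeof out);
}

size_t demo_vulnerable(void) { return overflow_count(handler_double_fetch, attacker_grows_len); }
size_t demo_hardened(void)   { return overflow_count(handler_single_fetch, attacker_grows_len); }
```

Without the race both handlers copy 8 bytes and report no overrun; with it, the double-fetch handler copies the attacker's 32 bytes (16 past the limit it was told) while the single-fetch handler still copies 8. In real firmware the same rule applies to every field a privileged handler reads from caller-owned memory, including pointers and offsets, not just lengths.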

Do I need to act?

- EPSS: 0.19% chance of exploitation (low exploit probability)
- CISA KEV: not listed; no confirmed active exploitation reported to CISA
- Patch status: unknown to this tracker. The advisory text states that AMI has released updates; check HP's advisory for the BIOS version that applies to your model and for mitigation guidance.
- CVSS: 7.0/10, High; attack vector Local, attack complexity High

Affected Products (20)

260 G4 Desktop Mini Firmware
T430 Firmware
T628 Firmware
240 G10 Firmware
245 G6 Firmware
245 G7 Firmware
245 G8 Firmware
247 G8 Firmware
250 G10 Firmware
255 G10 Firmware
349 G7 Firmware
470 G10 Firmware
470 G9 Firmware
Zhan 99 G2 Firmware
Zhan 99 G4 Firmware
VR Backpack G2 Firmware
200 G3 Firmware
200 G4 22 All-In-One Firmware
200 Pro G4 22 All-In-One Firmware
205 G4 22 All-In-One Firmware

Affected Vendors

HP

Risk score: 46/100 (moderate-risk)
- Severity 18/34 · Moderate
- Exploitability 1/34 · Minimal
- Exposure 27/34 · High