CVE-2023-26300

high-risk
Published 2023-10-18

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.

Do I need to act?

-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Zhan 66 Pro A G1 R Microtower Firmware
T638 Thin Client Firmware
Stream 11 Pro G5 Firmware
240 G10 Firmware
240 G6 Firmware
240 G7 Firmware
240 G9 Firmware
245 G10 Firmware
245 G7 Firmware
245 G8 Firmware
245 G9 Firmware
245 Firmware
246 G6 Firmware
246 G7 Firmware
247 G8 Firmware
250 G10 Firmware
250 G6 Firmware
250 G7 Firmware
250 G9 Firmware
255 G10 Firmware

Affected Vendors

Hp

References (2)

Patch https://support.hp.com/us-en/document/ish_9461800-9461828-16
Patch https://support.hp.com/us-en/document/ish_9461800-9461828-16
54
/ 100
high-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 29/34 · Critical