CVE-2019-16284

Name: CVE-2019-16284
Creator: NVD / NIST
Published: 2019-11-05T21:15:13.463+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.2/10EPSS 1.96%

Last modified Jun 17, 2026

CVE-2019-16284 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. EPSS estimates a 1.96% chance of exploitation in the next 30 days.

Description

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.

Metrics

CVSS 3.1

7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.96%

77.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Hp	260 G1 Dm Firmware	< 2.27
Hp	280 Pro G1 Firmware	< 80.3
Hp	285 G2 Firmware	< a0.23
Hp	340 G3 Firmware	< f.48
Hp	340 G4 Firmware	< f.55
Hp	346 G3 Firmware	< f.48
Hp	346 G4 Firmware	< f.46
Hp	348 G3 Firmware	< f.48
Hp	348 G4 Firmware	< f.55
Hp	Elite Slice Firmware	< 2.42
Hp	Elite X2 1011 G1 Firmware	< 1.27
Hp	Elite X2 1012 G1 Firmware	< 1.42
Hp	Elitebook 1030 G1 Firmware	< 1.42
Hp	Elitebook 1040 G2 Firmware	< 1.17
Hp	Elitebook 720 G1 Firmware	< 1.48
Hp	Elitebook 720 G2 Firmware	< 1.29
Hp	Elitebook 740 G1 Firmware	< 1.48
Hp	Elitebook 740 G2 Firmware	< 1.29
Hp	Elitebook 750 G1 Firmware	< 1.48
Hp	Elitebook 750 G2 Firmware	< 1.29
Hp	Elitebook 820 G1 Firmware	< 1.48
Hp	Elitebook 820 G2 Firmware	< 1.29
Hp	Elitebook 820 G3 Firmware	< 1.42
Hp	Elitebook 828 G3 Firmware	< 1.42
Hp	Elitebook 840 G1 Firmware	< 1.48
Hp	Elitebook 840 G2 Firmware	< 1.29
Hp	Elitebook 840 G3 Firmware	< 1.42
Hp	Elitebook 848 G3 Firmware	< 1.42
Hp	Elitebook 850 G1 Firmware	< 1.48
Hp	Elitebook 850 G2 Firmware	< 1.29
Hp	Elitebook 850 G3 Firmware	< 1.42
Hp	Elitebook Folio 1020 G1 Firmware	< 1.24
Hp	Elitebook Folio 1040 G1 Firmware	< 1.44
Hp	Elitebook Folio 1040 G3 Firmware	< 1.42
Hp	Elitebook Folio 9480m Firmware	< 1.49
Hp	Elitebook Folio G1 Firmware	< 1.42
Hp	Elitebook Revolve 810 G2 Firmware	< 1.45
Hp	Elitebook Revolve 810 G3 Firmware	< 1.2
Hp	Elitedesk 800 G2 Dm Firmware	< 2.42
Hp	Elitedesk 800 G2 Sff Firmware	< 2.42
Hp	Elitedesk 800 G2 Twr Firmware	< 2.42
Hp	Eliteone 800 G2 Aio Firmware	< 2.42
Hp	Elitepad 1000 G2 Firmware	< 1.48
Hp	Mp9 G2 Retail System Firmware	< 2.42
Hp	Pro Tablet 10 Ee G1 Firmware	< 1.31
Hp	Pro Tablet 608 G1 Firmware	< 1.21
Hp	Pro Tablet 610 G1 Firmware	< f.16
Hp	Pro X2 612 G1 Firmware	< 1.48
Hp	Probook 11 G1 Firmware	< 1.17
Hp	Probook 11 G2 Firmware	< 1.42

Showing 50 of 102 affected configurations. See NVD for the full list.

References

https://support.hp.com/rs-en/document/c06456250Vendor Advisory
https://support.hp.com/rs-en/document/c06456250Vendor Advisory

Timeline

Published: Nov 5, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-16284?

How severe is CVE-2019-16284?

CVE-2019-16284 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 1.96% probability of exploitation in the next 30 days.

How do I fix CVE-2019-16284?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-16284?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST