CVE-2021-3808

HIGH | CVSS 7.8/10 | EPSS 0.24%

Last modified

CVE-2021-3808 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.24%

15.6th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Hp | Elite Dragonfly Firmware | 01.12.00
Hp | Elite X2 1012 G2 Firmware | 1.41
Hp | Elite X2 1013 G3 Firmware | 01.19.00
Hp | Elite X2 G4 Firmware | 01.12.00
Hp | Elitebook 1040 G4 Firmware | 1.41
Hp | Elitebook 1050 G1 Firmware | 01.19.00
Hp | Elitebook 725 G4 Firmware | 1.4
Hp | Elitebook 735 G5 Firmware | 01.20.00
Hp | Elitebook 735 G6 Firmware | 01.19.00
Hp | Elitebook 745 G4 Firmware | 1.4
Hp | Elitebook 745 G5 Firmware | 01.20.00
Hp | Elitebook 745 G6 Firmware | 01.19.00
Hp | Elitebook 755 G4 Firmware | 1.4
Hp | Elitebook 755 G5 Firmware | 01.20.00
Hp | Elitebook 820 G4 Firmware | 1.41
Hp | Elitebook 828 G4 Firmware | 1.41
Hp | Elitebook 830 G5 Firmware | 01.19.00
Hp | Elitebook 830 G6 Firmware | 01.12.00
Hp | Elitebook 836 G5 Firmware | 01.19.00
Hp | Elitebook 836 G6 Firmware | 01.12.00
Hp | Elitebook 840 G4 Firmware | 1.41
Hp | Elitebook 840 G5 Firmware | 01.19.00
Hp | Elitebook 840 G6 Firmware | 01.12.00
Hp | Elitebook 840r G4 Firmware | 01.19.00
Hp | Elitebook 846 G5 Firmware | 01.19.00
Hp | Elitebook 848 G4 Firmware | 1.41
Hp | Elitebook 850 G4 Firmware | 1.41
Hp | Elitebook 850 G5 Firmware | 01.19.00
Hp | Elitebook 850 G6 Firmware | 01.12.00
Hp | Elitebook X360 1020 G2 Firmware | 1.41
Hp | Elitebook X360 1030 G2 Firmware | 1.41
Hp | Elitebook X360 1030 G3 Firmware | 01.19.00
Hp | Elitebook X360 1030 G4 Firmware | 01.12.00
Hp | Elitebook X360 1040 G5 Firmware | 01.19.00
Hp | Elitebook X360 1040 G6 Firmware | 01.12.00
Hp | Elitebook X360 830 G5 Firmware | 01.19.00
Hp | Elitebook X360 830 G6 Firmware | 01.12.00
Hp | Pro X2 612 G2 Firmware | 1.41
Hp | Probook 11 Ee G2 Firmware | 1.55
Hp | Probook 430 G4 Firmware | 1.41
Hp | Probook 430 G5 Firmware | 01.20.00
Hp | Probook 430 G6 Firmware | 01.19.00
Hp | Probook 440 G4 Firmware | 1.41
Hp | Probook 440 G5 Firmware | 01.20.00
Hp | Probook 440 G6 Firmware | 01.19.00
Hp | Probook 445 G6 Firmware | 01.19.00
Hp | Probook 445r G6 Firmware | 01.19.00
Hp | Probook 450 G4 Firmware | 1.41
Hp | Probook 450 G5 Firmware | 01.20.00
Hp | Probook 450 G6 Firmware | 01.19.00

Showing 50 of 181 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-3808?
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
How severe is CVE-2021-3808?
CVE-2021-3808 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.
How do I fix CVE-2021-3808?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST