CVE-2021-39297
Severity: HIGH | CVSS 8.8/10 | EPSS 0.44%
CVE-2021-39297 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| HP | 260 G3 Desktop Mini PC Firmware | <= 2.17.00 |
| HP | EliteDesk 800 35W G4 Desktop Mini PC Firmware | <= 2.18.00 |
| HP | EliteDesk 800 65W G4 Desktop Mini PC Firmware | <= 2.18.00 |
| HP | EliteDesk 800 95W G4 Desktop Mini PC Firmware | <= 2.18.00 |
| HP | EliteDesk 800 G4 Small Form Factor PC Firmware | <= 2.18.00 |
| HP | EliteDesk 800 G4 Tower PC Firmware | <= 2.18.00 |
| HP | EliteDesk 800 G4 Workstation Edition Firmware | <= 2.18.00 |
| HP | EliteDesk 800 G5 Desktop Mini PC Firmware | <= 2.12.00 |
| HP | EliteDesk 800 G5 Small Form Factor PC Firmware | <= 2.12.00 |
| HP | EliteDesk 800 G5 Tower PC Firmware | <= 2.12.00 |
| HP | EliteDesk 800 G6 Desktop Mini PC Firmware | <= 2.10.00 |
| HP | EliteDesk 800 G6 Small Form Factor PC Firmware | <= 2.10.00 |
| HP | EliteDesk 800 G6 Tower PC Firmware | <= 2.10.00 |
| HP | EliteDesk 800 G8 Desktop Mini PC Firmware | <= 2.07.00 |
| HP | EliteDesk 800 G8 Small Form Factor PC Firmware | <= 2.07.00 |
| HP | EliteDesk 800 G8 Tower PC Firmware | <= 2.07.00 |
| HP | EliteDesk 805 G6 Desktop Mini PC Firmware | <= 2.07.00 |
| HP | EliteDesk 805 G6 Small Form Factor PC Firmware | <= 2.07.00 |
| HP | EliteDesk 805 G8 Desktop Mini PC Firmware | <= 2.03.00 |
| HP | EliteDesk 805 G8 Small Form Factor PC Firmware | <= 2.03.00 |
| HP | EliteDesk 880 G4 Tower PC Firmware | <= 2.18.00 |
| HP | EliteDesk 880 G5 Tower PC Firmware | <= 2.12.00 |
| HP | EliteDesk 880 G6 Tower PC Firmware | <= 2.10.00 |
| HP | EliteDesk 880 G8 Tower PC Firmware | <= 2.07.00 |
| HP | EliteOne 1000 G2 23.8-in All-in-One Business PC Firmware | <= 2.18.00 |
| HP | EliteOne 1000 G2 23.8-in Touch All-in-One Business PC Firmware | <= 2.18.00 |
| HP | EliteOne 1000 G2 27-in 4K UHD All-in-One Business PC Firmware | <= 2.18.00 |
| HP | EliteOne 1000 G2 34-in Curved All-in-One Business PC Firmware | <= 2.18.00 |
| HP | EliteOne 800 G4 23.8-in Healthcare Edition All-in-One Business PC Firmware | <= 2.18.00 |
| HP | EliteOne 800 G4 23.8-inch Non-Touch All-in-One PC Firmware | <= 2.18.00 |
| HP | EliteOne 800 G4 23.8-inch Non-Touch GPU All-in-One PC Firmware | <= 2.18.00 |
| HP | EliteOne 800 G4 23.8-inch Touch All-in-One PC Firmware | <= 2.18.00 |
| HP | EliteOne 800 G4 23.8-inch Touch GPU All-in-One PC Firmware | <= 2.18.00 |
| HP | EliteOne 800 G5 23.8-in Healthcare Edition All-in-One Firmware | <= 2.12.00 |
| HP | EliteOne 800 G5 23.8-inch All-in-One Firmware | <= 2.12.00 |
| HP | EliteOne 800 G6 24 All-in-One PC Firmware | <= 2.10.00 |
| HP | EliteOne 800 G6 27 All-in-One PC Firmware | <= 2.10.00 |
| HP | EliteOne 800 G8 24 All-in-One PC Firmware | <= 2.07.00 |
| HP | EliteOne 800 G8 27 All-in-One PC Firmware | <= 2.07.00 |
| HP | ProDesk 400 G4 Desktop Mini PC Firmware | <= 2.18.00 |
| HP | ProDesk 400 G5 Desktop Mini PC Firmware | <= 2.12.00 |
| HP | ProDesk 400 G5 Microtower PC Firmware | <= 2.18.00 |
| HP | ProDesk 400 G5 Small Form Factor PC Firmware | <= 2.18.00 |
| HP | ProDesk 400 G6 Desktop Mini PC Firmware | <= 2.10.00 |
| HP | ProDesk 400 G6 Microtower PC Firmware | <= 2.12.00 |
| HP | ProDesk 400 G6 Small Form Factor PC Firmware | <= 2.12.00 |
| HP | ProDesk 400 G7 Microtower PC Firmware | <= 2.10.00 |
| HP | ProDesk 400 G7 Small Form Factor PC Firmware | <= 2.10.00 |
| HP | ProDesk 405 G8 Desktop Mini PC Firmware | <= 2.03.00 |
| HP | ProDesk 405 G8 Small Form Factor PC Firmware | <= 2.03.00 |
Showing 50 of 187 affected configurations. See NVD for the full list.
References
- https://support.hp.com/us-en/document/ish_5661066-5661090-16 (Patch, Vendor Advisory)
Frequently Asked Questions
What is CVE-2021-39297?
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
How severe is CVE-2021-39297?
CVE-2021-39297 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.44% probability of exploitation in the next 30 days.
How do I fix CVE-2021-39297?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2021-39297?
Run a free Strix scan to check your systems for this vulnerability.
Source: NVD / NIST
