Strix
26.1K

CVE-2021-39301

HIGHCVSS 8.8/10EPSS 0.42%

Last modified

CVE-2021-39301 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.

Description

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
0.42%

34.0th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
HpZ1 Entry Tower G5 Workstation Firmware< 02.12.00
HpZ1 Entry Tower G6 Workstation Firmware< 02.10.00
HpZ1 G8 Tower Desktop Pc Firmware< 02.07.00
HpZ4 G4 Workstation \(Core-X\) Firmware< 02.75
HpZ4 G4 Workstation \(Xeon W\) Firmware< 02.75
HpZ6 G4 Workstation Firmware< 02.75
HpZ8 G4 Workstation Firmware< 02.75
HpEngage Flex Mini Retail System Firmware< 02.10.00
HpMp9 G4 Retail System Firmware< 02.18.00
HpElite Dragonfly Firmware< 01.12.00
HpElite Dragonfly G2 Firmware< 01.08.00
HpElite Dragonfly Max Firmware< 01.08.00
HpElite X2 1013 G3 Firmware< 01.19.00
HpElite X2 G4 Firmware< 01.12.00
HpElite X2 G8 Tablet Firmware< 01.08.00
HpElitebook 1050 G1 Firmware< 01.19.00
HpElitebook 830 G5 Firmware< 01.19.00
HpElitebook 830 G6 Firmware< 01.12.00
HpElitebook 830 G7 Firmware< 01.08.00
HpElitebook 830 G8 Firmware< 01.08.00
HpElitebook 836 G5 Firmware< 01.19.00
HpElitebook 836 G6 Firmware< 01.12.00
HpElitebook 840 Aero G8 Firmware< 01.08.00
HpElitebook 840 G5 Firmware< 01.19.00
HpElitebook 840 G5 Healthcare Edition Firmware< 01.19.00
HpElitebook 840 G6 Firmware< 01.12.00
HpElitebook 840 G6 Healthcare Edition Firmware< 01.12.00
HpElitebook 840 G7 Firmware< 01.08.00
HpElitebook 840 G8 Firmware< 01.08.00
HpElitebook 840r G4 Firmware< 01.19.00
HpElitebook 846 G5 Firmware< 01.19.00
HpElitebook 850 G5 Firmware< 01.19.00
HpElitebook 850 G6 Firmware< 01.12.00
HpElitebook 850 G7 Firmware< 01.08.00
HpElitebook 850 G8 Firmware< 01.08.00
HpElitebook X360 1030 G3 Firmware< 01.19.00
HpElitebook X360 1030 G4 Firmware< 01.12.00
HpElitebook X360 1030 G7 Firmware< 01.08.00
HpElitebook X360 1030 G8 Firmware< 01.08.00
HpElitebook X360 1040 G5 Firmware< 01.19.00
HpElitebook X360 1040 G6 Firmware< 01.12.00
HpElitebook X360 1040 G7 Firmware< 01.08.00
HpElitebook X360 1040 G8 Firmware< 01.08.00
HpElitebook X360 830 G5 Firmware< 01.19.00
HpElitebook X360 830 G6 Firmware< 01.12.00
HpElitebook X360 830 G7 Firmware< 01.08.00
HpElitebook X360 830 G8 Firmware< 01.08.00
HpProbook 430 G5 Firmware< 01.19.00
HpProbook 430 G6 Firmware< 01.19.00
HpProbook 430 G7 Firmware< 01.12.00

Showing 50 of 187 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-39301?
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
How severe is CVE-2021-39301?
CVE-2021-39301 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.42% probability of exploitation in the next 30 days.
How do I fix CVE-2021-39301?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-39301?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST