Vulnerabilities > CVE-2021-3661 - Unspecified vulnerability in HP products

CVSS 8.4 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2022-12-12

Updated: 2022-12-19

Summary

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Hp HP Z1 ALL IN ONE G3 Firmware 01.31 HP Z2 Mini G3 Firmware 01.83 HP Z2 Mini G4 Firmware 01.08.01 HP Z2 Mini G5 Firmware 01.03.00_Rev_A HP Z2 Small Form Factor G4 Firmware 01.08.01 HP Z2 Small Form Factor G5 Firmware 01.03.00_Rev_A HP Z2 Small Form Factor G8 Firmware 01.03.00_Rev_A HP Z2 Tower G4 Firmware 01.08.01 HP Z2 Tower G5 Firmware 01.03.00_Rev_A HP Z2 Tower G8 Firmware 01.03.00_Rev_A HP Z238 Microtower Firmware 01.83 HP Z240 Small Form Factor Firmware 01.83 HP Z240 Tower Firmware 01.83 HP Z4 G4 Firmware 02.75 HP Z440 Firmware 2.58 HP Z6 G4 Firmware 02.75 HP Z640 Firmware 2.58 HP Z8 G4 Firmware 02.75 HP Z840 Firmware 2.58 HP Zcentral 4R Firmware 01.18	20
Hardware	Hp HP Z1 ALL IN ONE G3 - HP Z2 Mini G3 - HP Z2 Mini G4 - HP Z2 Mini G5 - HP Z2 Small Form Factor G4 - HP Z2 Small Form Factor G5 - HP Z2 Small Form Factor G8 - HP Z2 Tower G4 - HP Z2 Tower G5 - HP Z2 Tower G8 - HP Z238 Microtower - HP Z240 Small Form Factor - HP Z240 Tower - HP Z4 G4 - HP Z440 - HP Z6 G4 - HP Z640 - HP Z8 G4 - HP Z840 - HP Zcentral 4R -	20

References

https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770