CVE-2019-18913
First published: Fri Jan 31 2020(Updated: )
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP EliteDesk 800 G5 Desktop Mini Firmware | <02.04.02 | |
| HP EliteDesk 800 G5 Desktop Mini | ||
| HP EliteDesk 800 G5 SFF Firmware | <02.04.02 | |
| HP EliteDesk 800 G5 SFF Firmware | ||
| HP EliteDesk 800 G5 Tower Firmware | <02.04.02 | |
| HP EliteDesk 800 G5 TWR Firmware | ||
| HP EliteOne 800 G5 AIO Firmware | <02.04.02 | |
| HP EliteOne 800 G5 AIO Firmware | ||
| HP ProDesk 400 G5 Firmware | <02.04.01 | |
| HP ProDesk 400 G5 DM Firmware | ||
| HP ProDesk 400 G6 Firmware | <02.04.01 | |
| HP ProDesk 400 G6 MT Firmware | ||
| HP ProDesk 400 G6 Firmware | <02.04.02 | |
| HP ProDesk 400 G6 SFF Firmware | ||
| HP Prodesk 480 G6 Firmware | <02.04.01 | |
| HP ProDesk 480 G6 | ||
| HP ProDesk 600 G5 Firmware | <02.04.01 | |
| HP ProDesk 600 G5 DM Firmware | ||
| HP ProDesk 600 G5 Firmware | <02.04.01 | |
| HP ProDesk 600 G5 | ||
| HP ProDesk 600 G5 PCI MT Firmware | <02.04.01 | |
| HP ProDesk 600 G5 PCI MT Firmware | ||
| HP ProDesk 600 G5 Firmware | <02.04.01 | |
| HP ProDesk 600 G5 SFF Firmware | ||
| HP ProOne 400 G5 AIO | <02.04.01 | |
| HP ProOne 400 G5 AIO Firmware | ||
| HP ProOne 440 G5 Firmware | <02.04.01 | |
| HP ProOne 440 G5 | ||
| HP ProOne 600 G5 All-in-One Firmware | <02.04.01 | |
| HP ProOne 600 G5 All-in-One Firmware | ||
| HP Elite Dragonfly Firmware | <01.04.02 | |
| HP Elite Dragonfly | ||
| HP Elite x2 G4 | <01.04.02 | |
| HP Elite x2 G4 Firmware | ||
| HP EliteBook x360 830 G6 Firmware | <01.04.02 | |
| HP EliteBook 830 G6 Firmware | ||
| HP EliteBook 836 G6 Firmware | <01.04.02 | |
| HP EliteBook 836 G6 Firmware | ||
| HP EliteBook 840 G6 Firmware | <01.04.02 | |
| HP EliteBook 840 G6 Firmware | ||
| HP EliteBook 840 G6 Healthcare Edition Firmware | <01.04.02 | |
| HP EliteBook 840 G6 Healthcare Edition Firmware | ||
| HP EliteBook 846 G6 Firmware | <01.04.02 | |
| HP EliteBook 846 G6 Firmware | ||
| HP EliteBook 846 G6 Healthcare Edition Firmware | <01.04.02 | |
| HP EliteBook 846 G6 Healthcare Edition Firmware | ||
| HP EliteBook 850 G6 Firmware | <01.04.02 | |
| HP EliteBook 850 G6 Firmware | ||
| HP EliteBook x360 1030 G4 | <01.04.02 | |
| HP EliteBook x360 1030 G4 Firmware | ||
| HP EliteBook x360 1040 G6 | <01.04.02 | |
| HP EliteBook x360 1040 G6 | ||
| HP EliteBook x360 830 G6 Firmware | <01.04.02 | |
| HP EliteBook x360 830 G6 Firmware | ||
| HP ProBook 640 G5 | <01.04.02 | |
| HP ProBook 640 G5 Firmware | ||
| HP ProBook 650 G5 Firmware | <01.04.02 | |
| HP ProBook 650 G5 Firmware | ||
| HP ZBook 14u G6 Mobile Workstation Firmware | <01.04.02 | |
| HP ZBook 14u G6 Mobile Workstation Firmware | ||
| HP ZBook 15u G6 Mobile Workstation | <01.04.02 | |
| HP ZBook 15u G6 | ||
| HP Zhan X 13 G2 Firmware | <01.04.02 | |
| HP Zhan X 13 G2 Firmware | ||
| HP ZBook 17u G6 Mobile Workstation Firmware | <01.04.02 | |
| HP ZBook 17u G6 Mobile Workstation Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-18913?
CVE-2019-18913 is considered a critical security vulnerability due to its potential for unauthorized UEFI code execution.
How do I fix CVE-2019-18913?
To fix CVE-2019-18913, update the UEFI firmware to the latest version provided by HP.
Which products are affected by CVE-2019-18913?
CVE-2019-18913 affects multiple HP models including EliteDesk, ProDesk, EliteOne, and ZBook series with specific firmware versions.
What type of attack does CVE-2019-18913 facilitate?
CVE-2019-18913 enables open-case physical attacks that could allow unauthorized access to UEFI firmware.
Is it safe to leave systems vulnerable to CVE-2019-18913?
Leaving systems vulnerable to CVE-2019-18913 poses significant security risks, including potential remote code execution.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/remedy
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp elitedesk 800 g5 desktop mini firmware
- canonical/hp elitedesk 800 g5 desktop mini
- canonical/hp elitedesk 800 g5 sff firmware
- canonical/hp elitedesk 800 g5 tower firmware
- canonical/hp elitedesk 800 g5 twr firmware
- canonical/hp eliteone 800 g5 aio firmware
- canonical/hp prodesk 400 g5 firmware
- canonical/hp prodesk 400 g5 dm firmware
- canonical/hp prodesk 400 g6 firmware
- canonical/hp prodesk 400 g6 mt firmware
- canonical/hp prodesk 400 g6 sff firmware
- canonical/hp prodesk 480 g6 firmware
- canonical/hp prodesk 480 g6
- canonical/hp prodesk 600 g5 firmware
- canonical/hp prodesk 600 g5 dm firmware
- canonical/hp prodesk 600 g5
- canonical/hp prodesk 600 g5 pci mt firmware
- canonical/hp prodesk 600 g5 sff firmware
- canonical/hp proone 400 g5 aio
- canonical/hp proone 400 g5 aio firmware
- canonical/hp proone 440 g5 firmware
- canonical/hp proone 440 g5
- canonical/hp proone 600 g5 all-in-one firmware
- canonical/hp elite dragonfly firmware
- canonical/hp elite dragonfly
- canonical/hp elite x2 g4
- canonical/hp elite x2 g4 firmware
- canonical/hp elitebook x360 830 g6 firmware
- canonical/hp elitebook 830 g6 firmware
- canonical/hp elitebook 836 g6 firmware
- canonical/hp elitebook 840 g6 firmware
- canonical/hp elitebook 840 g6 healthcare edition firmware
- canonical/hp elitebook 846 g6 firmware
- canonical/hp elitebook 846 g6 healthcare edition firmware
- canonical/hp elitebook 850 g6 firmware
- canonical/hp elitebook x360 1030 g4
- canonical/hp elitebook x360 1030 g4 firmware
- canonical/hp elitebook x360 1040 g6
- canonical/hp probook 640 g5
- canonical/hp probook 640 g5 firmware
- canonical/hp probook 650 g5 firmware
- canonical/hp zbook 14u g6 mobile workstation firmware
- canonical/hp zbook 15u g6 mobile workstation
- canonical/hp zbook 15u g6
- canonical/hp zhan x 13 g2 firmware
- canonical/hp zbook 17u g6 mobile workstation firmware