high
7.2
Advisory Published
Updated

CVE-2019-18913

First published: Fri Jan 31 2020(Updated: )

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

Credit: hp-security-alert@hp.com

Affected SoftwareAffected VersionHow to fix
Hp Elitedesk 800 G5 Dm Firmware<02.04.02
Hp Elitedesk 800 G5 Dm
Hp Elitedesk 800 G5 Sff Firmware<02.04.02
Hp Elitedesk 800 G5 Sff
Hp Elitedesk 800 G5 Twr Firmware<02.04.02
Hp Elitedesk 800 G5 Twr
Hp Eliteone 800 G5 Aio Firmware<02.04.02
Hp Eliteone 800 G5 Aio
Hp Prodesk 400 G5 Dm Firmware<02.04.01
Hp Prodesk 400 G5 Dm
Hp Prodesk 400 G6 Mt Firmware<02.04.01
Hp Prodesk 400 G6 Mt
Hp Prodesk 400 G6 Sff Firmware<02.04.02
Hp Prodesk 400 G6 Sff
Hp Prodesk 480 G6 Mt Firmware<02.04.01
Hp Prodesk 480 G6 Mt
Hp Prodesk 600 G5 Dm Firmware<02.04.01
Hp Prodesk 600 G5 Dm
Hp Prodesk 600 G5 Mt Firmware<02.04.01
Hp Prodesk 600 G5 Mt
Hp Prodesk 600 G5 Pci Mt Firmware<02.04.01
Hp Prodesk 600 G5 Pci Mt
Hp Prodesk 600 G5 Sff Firmware<02.04.01
Hp Prodesk 600 G5 Sff
Hp Proone 400 G5 Aio Firmware<02.04.01
Hp Proone 400 G5 Aio
Hp Proone 440 G5 Aio Firmware<02.04.01
Hp Proone 440 G5 Aio
Hp Proone 600 G5 Aio Firmware<02.04.01
Hp Proone 600 G5 Aio
Hp Elite Dragonfly Firmware<01.04.02
Hp Elite Dragonfly
Hp Elite X2 G4 Firmware<01.04.02
Hp Elite X2 G4
Hp Elitebook 830 G6 Firmware<01.04.02
Hp Elitebook 830 G6
Hp Elitebook 836 G6 Firmware<01.04.02
Hp Elitebook 836 G6
Hp Elitebook 840 G6 Firmware<01.04.02
Hp Elitebook 840 G6
Hp Elitebook 840 G6 Healthcare Edition Firmware<01.04.02
Hp Elitebook 840 G6 Healthcare Edition
Hp Elitebook 846 G6 Firmware<01.04.02
Hp Elitebook 846 G6
Hp Elitebook 846 G6 Healthcare Edition Firmware<01.04.02
Hp Elitebook 846 G6 Healthcare Edition
Hp Elitebook 850 G6 Firmware<01.04.02
Hp Elitebook 850 G6
Hp Elitebook X360 1030 G4 Firmware<01.04.02
Hp Elitebook X360 1030 G4
Hp Elitebook X360 1040 G6 Firmware<01.04.02
Hp Elitebook X360 1040 G6
Hp Elitebook X360 830 G6 Firmware<01.04.02
Hp Elitebook X360 830 G6
Hp Probook 640 G5 Firmware<01.04.02
Hp Probook 640 G5
Hp Probook 650 G5 Firmware<01.04.02
Hp Probook 650 G5
Hp Zbook 14u G6 Mobile Workstation Firmware<01.04.02
Hp Zbook 14u G6 Mobile Workstation
Hp Zbook 15u G6 Mobile Workstation Firmware<01.04.02
Hp Zbook 15u G6 Mobile Workstation
Hp Zhan X 13 G2 Firmware<01.04.02
Hp Zhan X 13 G2
Hp Zbook 17u G6 Mobile Workstation Firmware<01.04.02
Hp Zbook 17u G6 Mobile Workstation

Remedy

https://support.hp.com/us-en/document/c06549501

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203