CVE-2019-6321
First published: Wed May 29 2019(Updated: )
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP z4 g4 core-x Workstation Firmware | <1.70 | |
| HP Z4 G4 Core-X Workstation Firmware | ||
| HP Z4 G4 Core-X Workstation Firmware | <1.70 | |
| HP Z4 G4 Workstation | ||
| HP Z6 G4 Workstation | <1.71 | |
| HP Z6 G4 Workstation Firmware | ||
| HP z8 G4 Workstation Firmware | <1.71 | |
| HP Z8 G4 Workstation Firmware | ||
| HP Z4 G4 Workstation Firmware | <1.70 | |
| HP z4 g4 core-x Workstation Firmware | <1.70 | |
| HP z6 g4 Workstation Firmware linux | <1.71 | |
| HP z8 G4 Workstation Firmware | <1.71 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this HP BIOS security vulnerability?
The vulnerability ID for this HP BIOS security vulnerability is CVE-2019-6321.
What is the severity of CVE-2019-6321?
The severity of CVE-2019-6321 is critical, with a severity value of 7.2.
Which versions of HP Workstation BIOS (UEFI Firmware) are affected by this vulnerability?
This vulnerability affects some versions of HP Workstation BIOS (UEFI Firmware), including Hp Z4 G4 Workstation Firmware (up to version 1.70), Hp Z4 G4 Core-x Workstation Firmware (up to version 1.70), Hp Z6 G4 Workstation Firmware (up to version 1.71), and Hp Z8 G4 Workstation Firmware (up to version 1.71).
What is the impact of this vulnerability?
The impact of this vulnerability is that the runtime BIOS code could be tampered with if the TPM is disabled.
How can I fix CVE-2019-6321?
To fix CVE-2019-6321, it is recommended to enable the TPM (Trusted Platform Module) on the affected HP workstations.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp z4 g4 core-x workstation firmware
- canonical/hp z4 g4 workstation
- canonical/hp z6 g4 workstation
- canonical/hp z6 g4 workstation firmware
- canonical/hp z8 g4 workstation firmware
- canonical/hp z4 g4 workstation firmware
- canonical/hp z6 g4 workstation firmware linux