high
7
CWE
367
Advisory Published
Updated

CVE-2023-26299

First published: Fri Jun 30 2023(Updated: )

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

Credit: hp-security-alert@hp.com

Affected SoftwareAffected VersionHow to fix
Hp 260 G4 Desktop Mini Firmware<2.14
Hp 260 G4 Desktop Mini
Hp T430 Firmware<00.01.11
Hp T430
Hp T628 Firmware<00.01.10
Hp T628
Hp 240 G10 Firmware<f.04
Hp 240 G10
Hp 245 G6 Firmware<f.35
Hp 245 G6
Hp 245 G7 Firmware<f.69
Hp 245 G7
Hp 245 G8 Firmware<f.25
Hp 245 G8
Hp 247 G8 Firmware<f.69
Hp 247 G8
Hp 250 G10 Firmware<f.05
Hp 250 G10
Hp 255 G10 Firmware<f.08
Hp 255 G10
Hp 349 G7 Firmware<f.28
Hp 349 G7
Hp 470 G10 Firmware<f.02
Hp 470 G10
Hp 470 G9 Firmware<f.05
Hp 470 G9
Hp Zhan 99 G2 Firmware<f.24
Hp Zhan 99 G2
Hp Zhan 99 G4 Firmware<f.08
Hp Zhan 99 G4
Hp Vr Backpack G2 Firmware<f.28
Hp Vr Backpack G2
Hp 200 G3 Firmware
Hp 200 G3
Hp 200 G4 22 All-in-one Firmware
Hp 200 G4 22 All-in-one
Hp 200 Pro G4 22 All-in-one Firmware
Hp 200 Pro G4 22 All-in-one
Hp 205 G4 22 All-in-one Firmware
Hp 205 G4 22 All-in-one
Hp 205 Pro G4 22 All-in-one Firmware
Hp 205 Pro G4 22 All-in-one
Hp 280 G3 Firmware
Hp 280 G3
Hp 280 G4 Firmware
Hp 280 G4
Hp 280 G4 Microtower Firmware
Hp 280 G4 Microtower
Hp 280 G5 Firmware
Hp 280 G5
Hp 280 G5 Small Form Factor Firmware
Hp 280 G5 Small Form Factor
Hp 280 G6 Firmware
Hp 280 G6
Hp 280 G8 Microtower Firmware
Hp 280 G8 Microtower
Hp 280 Pro G3 Firmware
Hp 280 Pro G3
Hp 280 Pro G4 Microtower Firmware
Hp 280 Pro G4 Microtower
Hp 280 Pro G5 Small Form Factor Firmware
Hp 280 Pro G5 Small Form Factor
Hp 282 G5 Firmware
Hp 282 G5
Hp 282 G6 Firmware
Hp 282 G6
Hp 282 Pro G4 Microtower Firmware
Hp 282 Pro G4 Microtower
Hp 288 G5 Firmware
Hp 288 G5
Hp 288 G6 Firmware
Hp 288 G6
Hp 288 Pro G4 Microtower Firmware
Hp 288 Pro G4 Microtower
Hp 290 G1 Firmware
Hp 290 G1
Hp 290 G2 Firmware
Hp 290 G2
Hp 290 G2 Microtower Firmware
Hp 290 G2 Microtower
Hp 290 G3 Firmware
Hp 290 G3
Hp 290 G3 Small Form Factor Firmware
Hp 290 G3 Small Form Factor
Hp 290 G4 Firmware
Hp 290 G4
Hp Desktop Pro G1 Microtower Firmware
Hp Desktop Pro G1 Microtower
Hp Pro Small Form Factor 280 G9 Desktop Firmware
Hp Pro Small Form Factor 280 G9 Desktop
Hp Pro Small Form Factor 290 G9 Desktop Firmware
Hp Pro Small Form Factor 290 G9 Desktop
Hp Pro Small Form Factor Zhan 66 G9 Desktop Firmware
Hp Pro Small Form Factor Zhan 66 G9 Desktop
Hp Pro Tower 200 G9 Desktop Firmware
Hp Pro Tower 200 G9 Desktop
Hp Pro Tower 280 G9 Desktop Firmware
Hp Pro Tower 280 G9 Desktop
Hp Pro Tower 290 G9 Desktop Firmware
Hp Pro Tower 290 G9 Desktop
Hp Pro Tower Zhan 99 G9 Desktop Firmware
Hp Pro Tower Zhan 99 G9 Desktop
Hp Proone 240 G10 Firmware
Hp Proone 240 G10
Hp Proone 240 G9 Firmware
Hp Proone 240 G9
Hp Proone 440 G3 Firmware
Hp Proone 440 G3
Hp Proone 490 G3 Firmware
Hp Proone 490 G3
Hp Proone 496 G3 Firmware
Hp Proone 496 G3
Hp Z Vr Backpack G1 Workstation Firmware
Hp Z Vr Backpack G1 Workstation
Hp Zhan 86 Pro G2 Microtower Firmware
Hp Zhan 86 Pro G2 Microtower
Hp Zhan 99 Pro G1 Microtower Firmware
Hp Zhan 99 Pro G1 Microtower

Remedy

https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203