CWE: 367

CVE-2023-26299

First published: Fri Jun 30 2023

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

Credit: hp-security-alert@hp.com

Affected Software | Affected Version | How to fix
HP 260 G4 Desktop Mini Firmware | <2.14
HP 260 G4 Desktop Mini Firmware
HP t430 Thin Client firmware | <00.01.11
HP t430 Thin Client
HP t628 Firmware | <00.01.10
HP t628
HP ProOne 240 G10 Firmware | <f.04
HP ProOne 240 G10
HP 245 firmware | <f.35
HP 245 G6 Notebook PC
HP 245 firmware | <f.69
HP 245
HP 245 firmware | <f.25
HP 245
HP 247 G8 | <f.69
HP 247 G8
HP 250 g10 Firmware | <f.05
HP 250 g10 Firmware
HP 255 G10 Firmware | <f.08
HP 255 g10 Firmware
HP 349 G7 Firmware | <f.28
HP 349 G7 Firmware
HP 470 G10 | <f.02
HP 470 G10
HP 470 G9 Firmware | <f.05
HP 470 G9 Firmware
HP Zhan 99 G2 Firmware | <f.24
HP Zhan 99 G2 Firmware
HP Zhan 99 G4 Firmware | <f.08
HP Zhan 99 G4 Firmware
HP VR Backpack G2 | <f.28
HP VR Backpack G2 Firmware
HP 200 G3 Firmware
HP 200 g3 Firmware
HP 200 g4 22 all-in-one PC firmware
HP 200 G4 22 All-in-One PC
HP 200 Pro G4 22 All-in-One Firmware
HP 200 Pro G4 22 All-in-One Firmware
HP 205 G4 22 All-in-One Firmware
HP 205 G4 22 All-in-One PC Firmware
HP 205 Pro G4 22 All-in-One PC Firmware
HP 205 Pro G4 22 All-in-One PC Firmware
HP 280 G3
HP 280 G3 Small Form Factor
HP 280 G4 Firmware
HP 280 G4 Firmware
HP 280 g4 microtower
HP 280 G4
HP 280 G5 Firmware
HP 280 G5 Small Form Factor
HP 280 Pro G5 Small Form Factor Firmware
HP 280 G5 Small Form Factor Firmware
HP 280 g6 Firmware
HP 280 g6 Firmware
HP 280 G8 Microtower Firmware
HP 280 G8 Microtower Firmware
HP 280 G3 Firmware
HP 280 Pro G3 Small Form Factor
HP 280 G4 Microtower Firmware
HP 280 Pro G4 Microtower Firmware
HP 280 Pro G5 Small Form Factor Firmware
HP 280 Pro G5 Small Form Factor
HP 282 G5
HP ProDesk 282 G5
HP 282 G6 Firmware
HP 282 g6 Firmware
HP 282 Pro G4 Microtower
HP 282 Pro G4 Microtower
HP 288 G5 Firmware
HP 288 g5 Firmware
HP 288 G6 Firmware
HP 288 G6 Firmware
HP 288 Pro G4 Microtower
HP 288 Pro G4 Microtower Firmware
HP 290 G1
HP 290 G1 Small Form Factor
HP 290 G2 Microtower Firmware
HP 290 G2 Microtower
HP 290 G2 Microtower Firmware
Hp 290 G2 Microtower Firmware
HP 290 G3 Firmware
HP 290 G3
HP 290 G3 Small Form Factor
HP 290 G3
HP 290 G4 Firmware
HP 290 G4 Firmware
HP Desktop Pro G1 Microtower Firmware
HP Desktop Pro G1 Microtower Firmware
HP Pro SFF 280 G9 Desktop Firmware
HP Pro Small Form Factor 280 G9 Desktop Firmware
HP Pro SFF 290 G9 Desktop Firmware
HP Pro SFF 290 G9 Desktop
HP Pro SFF Zhan 66 G9 Desktop Firmware
HP Pro SFF Zhan 66 G9 Desktop Firmware
HP Pro Tower 200 G9 Desktop (ROM Family SSID 89B3) Firmware
HP Pro Tower 200 G9 Desktop Firmware
HP Pro Tower 280 G9 Desktop (ROM Family SSID 89B4) Firmware
HP Pro Tower 280 G9 Desktop (ROM Family SSID 89B3) Firmware
HP Pro Tower 290 G9 Desktop
HP Pro Tower 290 G9 Desktop Firmware
HP Pro Tower Zhan 99 G9 Desktop (ROM Family SSID 89B3) Firmware
HP Pro Tower Zhan 99 G9 Desktop (ROM Family SSID 89B3) Firmware
HP ProOne 240 G10 Firmware
HP ProOne 240 G10 Firmware
HP ProOne 240 G9 Firmware
HP ProOne 240 G9 Firmware
HP ProOne 440 G3 Firmware
HP ProOne 440 G3 Firmware
HP ProOne 490 G3
HP ProOne 490 G3 Firmware
HP ProOne 496 G3 Firmware
HP ProOne 496 G3
HP Z VR Backpack G1 Workstation Firmware
HP Z VR Backpack G1 Workstation Firmware
HP Zhan 86 Pro G2 Microtower Firmware
HP Zhan 86 Pro G2 Microtower Firmware
HP Zhan 99 Pro G1 Microtower
Hp Zhan 99 Pro G1 Microtower Firmware


Frequently Asked Questions

  • What is the severity of CVE-2023-26299?

    CVE-2023-26299 is classified as a potentially critical vulnerability due to the risk of arbitrary code execution.

  • How do I fix CVE-2023-26299?

    To mitigate CVE-2023-26299, users should apply the updates released by AMI for the affected HP PC products.

  • Which HP products are affected by CVE-2023-26299?

    CVE-2023-26299 affects various HP PC products using AMI UEFI Firmware, including models like HP 260 G4 Desktop Mini and HP t430 Thin Client.

  • Can CVE-2023-26299 be exploited remotely?

    Yes, CVE-2023-26299 can potentially be exploited remotely if the vulnerability is present in the system's firmware.

  • Is there a workaround for CVE-2023-26299?

    Currently, the recommended approach is to update the firmware to the latest version as there are no known effective workarounds for CVE-2023-26299.
