CVE-2008-0706

Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/28495	Patch
http://securitytracker.com/id?1019730
http://www.vupen.com/english/advisories/2008/1043/references
http://marc.info/?l=bugtraq&m=120672270224094&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/41521

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:compaq:presario_a900::::::::
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.2b:::::::*
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.2e:::::::*
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.28:::::::*
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.2a:::::::*
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.18:::::::*
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.21:::::::*
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.26:::::::*
	cpe:2.3:h:compaq:presario_c700::::::::
	cpe:2.3:h:hp:g7000::::::::
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.2f:::::::*
	cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.30:::::::*

Information

Published : 2008-03-31 16:44

Updated : 2017-08-07 18:29

NVD link : CVE-2008-0706

Mitre link : CVE-2008-0706

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

g7000
hpqflash_for_hp_notebook_system_bios

compaq

presario_a900
presario_c700

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/28495", "name": "28495", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1019730", "name": "1019730", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2008/1043/references", "name": "ADV-2008-1043", "tags": [], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=120672270224094&w=2", "name": "HPSBGN02319", "tags": [], "refsource": "HP"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41521", "name": "compaq-pcbios-security-bypass(41521)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0706", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-03-31T23:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:compaq:presario_a900:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.2e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:compaq:presario_c700:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:g7000:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.2f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hp:hpqflash_for_hp_notebook_system_bios:f.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:29Z"}

7.2 /10