CVE-2019-18913

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2019-18913
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

6.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://support.hp.com/us-en/document/c06549501 Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hp:elitedesk_800_g5_dm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitedesk_800_g5_dm:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hp:elitedesk_800_g5_sff_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitedesk_800_g5_sff:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hp:elitedesk_800_g5_twr_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitedesk_800_g5_twr:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hp:eliteone_800_g5_aio_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:eliteone_800_g5_aio:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hp:prodesk_400_g5_dm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:prodesk_400_g5_dm:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:hp:prodesk_400_g6_mt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:prodesk_400_g6_mt:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:hp:prodesk_400_g6_sff_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:prodesk_400_g6_sff:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:hp:prodesk_480_g6_mt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:prodesk_480_g6_mt:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:hp:prodesk_600_g5_dm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:prodesk_600_g5_dm:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:hp:prodesk_600_g5_mt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:prodesk_600_g5_mt:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:hp:prodesk_600_g5_pci_mt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:prodesk_600_g5_pci_mt:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:hp:prodesk_600_g5_sff_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:prodesk_600_g5_sff:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:hp:proone_400_g5_aio_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:proone_400_g5_aio:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:hp:proone_440_g5_aio_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:proone_440_g5_aio:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:hp:proone_600_g5_aio_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:proone_600_g5_aio:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:hp:elite_dragonfly_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elite_dragonfly:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:hp:elite_x2_g4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elite_x2_g4:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:hp:elitebook_830_g6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_830_g6:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:hp:elitebook_836_g6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_836_g6:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:hp:elitebook_840_g6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_840_g6:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:hp:elitebook_840_g6_healthcare_edition_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_840_g6_healthcare_edition:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:hp:elitebook_846_g6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_846_g6:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:hp:elitebook_846_g6_healthcare_edition_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_846_g6_healthcare_edition:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:hp:elitebook_850_g6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_850_g6:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:hp:elitebook_x360_1030_g4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_x360_1030_g4:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:hp:elitebook_x360_1040_g6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_x360_1040_g6:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:hp:elitebook_x360_830_g6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:elitebook_x360_830_g6:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:hp:probook_640_g5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_640_g5:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:hp:probook_650_g5_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:probook_650_g5:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:hp:zbook_14u_g6_mobile_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:zbook_14u_g6_mobile_workstation:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:hp:zbook_15u_g6_mobile_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:zbook_15u_g6_mobile_workstation:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:hp:zhan_x_13_g2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:zhan_x_13_g2:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:hp:zbook_17u_g6_mobile_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:zbook_17u_g6_mobile_workstation:-:*:*:*:*:*:*:*
Information

Published : 2020-01-30 20:15

Updated : 2020-08-24 10:37

NVD link : CVE-2019-18913

Mitre link : CVE-2019-18913

JSON object : View

CWE
NVD-CWE-noinfo
Advertisement

dedicated server usa
Products Affected

hp

  • elitebook_x360_830_g6_firmware
  • zbook_14u_g6_mobile_workstation
  • elite_x2_g4_firmware
  • elitedesk_800_g5_dm_firmware
  • eliteone_800_g5_aio
  • elitebook_836_g6_firmware
  • eliteone_800_g5_aio_firmware
  • zbook_15u_g6_mobile_workstation_firmware
  • elitebook_830_g6_firmware
  • probook_640_g5_firmware
  • elitedesk_800_g5_twr
  • elitebook_x360_1030_g4_firmware
  • elite_dragonfly_firmware
  • elitedesk_800_g5_sff_firmware
  • zbook_14u_g6_mobile_workstation_firmware
  • zhan_x_13_g2_firmware
  • zbook_17u_g6_mobile_workstation
  • zhan_x_13_g2
  • elitebook_840_g6_healthcare_edition_firmware
  • elitebook_x360_1030_g4
  • elitedesk_800_g5_twr_firmware
  • elite_dragonfly
  • prodesk_480_g6_mt_firmware
  • elitebook_846_g6_healthcare_edition
  • prodesk_400_g6_mt_firmware
  • proone_440_g5_aio
  • elitebook_850_g6
  • elitebook_x360_1040_g6
  • elitebook_x360_830_g6
  • elitebook_830_g6
  • prodesk_600_g5_sff_firmware
  • prodesk_600_g5_sff
  • prodesk_600_g5_dm_firmware
  • zbook_15u_g6_mobile_workstation
  • prodesk_400_g5_dm
  • probook_650_g5
  • probook_640_g5
  • proone_440_g5_aio_firmware
  • elitebook_850_g6_firmware
  • prodesk_600_g5_dm
  • proone_600_g5_aio
  • elitebook_840_g6_firmware
  • elite_x2_g4
  • elitebook_x360_1040_g6_firmware
  • prodesk_600_g5_pci_mt_firmware
  • elitedesk_800_g5_dm
  • prodesk_600_g5_mt
  • prodesk_480_g6_mt
  • probook_650_g5_firmware
  • elitebook_846_g6
  • elitebook_840_g6
  • elitebook_846_g6_firmware
  • prodesk_400_g5_dm_firmware
  • prodesk_400_g6_mt
  • prodesk_600_g5_mt_firmware
  • prodesk_400_g6_sff
  • prodesk_400_g6_sff_firmware
  • prodesk_600_g5_pci_mt
  • proone_400_g5_aio_firmware
  • proone_400_g5_aio
  • elitebook_836_g6
  • elitedesk_800_g5_sff
  • elitebook_840_g6_healthcare_edition
  • zbook_17u_g6_mobile_workstation_firmware
  • elitebook_846_g6_healthcare_edition_firmware
  • proone_600_g5_aio_firmware