CVE-2019-16284
HIGH
HP 260 G1 DM Firmware < 2.27 - Arbitrary Code Execution via EFI_BOOT_SERVICES Overwrite
Title source: llm
Description
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions is available at https://support.hp.com/rs-en/document/c06456250.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://support.hp.com/rs-en/document/c06456250
Scores
CVSS v3
7.2
EPSS
0.0031
EPSS Percentile
53.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (49)
hp/260_g1_dm_firmware
< 2.27
hp/280_pro_g1_firmware
< 80.3
hp/285_g2_firmware
< a0.23
hp/340_g3_firmware
< f.48
hp/340_g4_firmware
< f.55
hp/346_g3_firmware
< f.48
hp/346_g4_firmware
< f.46
hp/348_g3_firmware
< f.48
hp/348_g4_firmware
< f.55
hp/elite_slice_firmware
< 2.42
... and 39 more
Published
Nov 05, 2019
Tracked Since
Feb 18, 2026