CVE-2019-6321
HIGHHP Z4/Z6/Z8 G4 Workstation Firmware - Runtime BIOS Code Tampering via TPM Disabled State
Title source: llmDescription
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_hp
https://support.hp.com/us-en/document/c06318199
Scores
CVSS v3
7.2
EPSS
0.0036
EPSS Percentile
58.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-667
Status
published
Products (4)
hp/z4_g4_core-x_workstation_firmware
< 1.70 (2 CPE variants)
hp/z4_g4_workstation_firmware
< 1.70 (2 CPE variants)
hp/z6_g4_workstation_firmware
< 1.71 (2 CPE variants)
hp/z8_g4_workstation_firmware
< 1.71 (2 CPE variants)
Published
May 29, 2019
Tracked Since
Feb 18, 2026