CVE-2019-6322
MEDIUMHP Z4 G4 Workstation Firmware < 1.70 - Improper Locking
Title source: llmDescription
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_hp
https://support.hp.com/us-en/document/c06318199
Scores
CVSS v3
6.8
EPSS
0.0031
EPSS Percentile
54.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-667
Status
published
Products (4)
hp/z4_g4_core-x_workstation_firmware
< 1.70 (2 CPE variants)
hp/z4_g4_workstation_firmware
< 1.70 (2 CPE variants)
hp/z6_g4_workstation_firmware
< 1.71 (2 CPE variants)
hp/z8_g4_workstation_firmware
< 1.71 (2 CPE variants)
Published
May 29, 2019
Tracked Since
Feb 18, 2026