CVE-2021-3661

HIGH

HP Z1 All-in-one G3 Firmware - Code Injection

Title source: rule

Description

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770

Scores

CVSS v3 8.4

EPSS 0.0025

EPSS Percentile 48.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (20)

hp/z1_all-in-one_g3_firmware 01.31

hp/z238_microtower_firmware 01.83

hp/z240_small_form_factor_firmware 01.83

hp/z240_tower_firmware 01.83

hp/z2_mini_g3_firmware 01.83

hp/z2_mini_g4_firmware 01.08.01

hp/z2_mini_g5_firmware 01.03.00_rev_a

hp/z2_small_form_factor_g4_firmware 01.08.01

hp/z2_small_form_factor_g5_firmware 01.03.00_rev_a

hp/z2_small_form_factor_g8_firmware 01.03.00_rev_a

... and 10 more

Published Dec 12, 2022

Tracked Since Feb 18, 2026