CVE-2021-39300

2022-02-1616:38:13

www.cve.org

uefi firmware

bios

pc products

privilege escalation

arbitrary code execution

AI Score

9.5

Confidence

High

EPSS

Percentile

12.6%

JSON

Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.

CNA Affected

[
  {
    "product": "BUSINESS NOTEBOOK PCS BIOS; BUSINESS DESKTOP PCS BIOS; RETAIL POINT-OF-SALE SYSTEMS BIOS; WORKSTATIONS BIOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before 01.12.00"
      },
      {
        "status": "affected",
        "version": "before 01.08.00"
      },
      {
        "status": "affected",
        "version": "before 01.19.00"
      },
      {
        "status": "affected",
        "version": "before 01.08.02"
      },
      {
        "status": "affected",
        "version": "before 01.08.01"
      },
      {
        "status": "affected",
        "version": "before 02.17.00"
      },
      {
        "status": "affected",
        "version": "before 02.18.00"
      },
      {
        "status": "affected",
        "version": "before 02.12.00"
      },
      {
        "status": "affected",
        "version": "before 02.10.00"
      },
      {
        "status": "affected",
        "version": "before 02.07.00"
      },
      {
        "status": "affected",
        "version": "before 02.03.00"
      },
      {
        "status": "affected",
        "version": "before 02.75"
      },
      {
        "status": "affected",
        "version": "before 2.58"
      }
    ]
  }
]

References

support.hp.com/us-en/document/ish_5661066-5661090-16