Escalation of Privilege, Denial of Service, and Information Disclosure.
Source: HP, HP Product Security Response Team (PSRT)
Reported by: Intel®
HP has been notified of potential security vulnerabilities involving improper authentication with the Intel CSME subsystem for certain Intel products. Intel CSME FW versions before 12.0.49, 12.0.55, 13.0.21, and 14.0.11 may allow a privileged user to potentially enable escalation of privilege, denial of service, or information disclosure via local access.
Intel has released updates to mitigate the potential vulnerability. HP has identified the affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerability. See the affected platforms listed below.
Newer versions may become available and identified minimum versions may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.
HP recommends keeping your system up to date with the latest firmware and software.