9.8
CRITICAL
CVE-2021-3919
HP OMEN Gaming Hub and HP Command Center Privilege Escalation and Denial of Service Vulnerability
Description

A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.

INFO

Published Date :

Dec. 12, 2022, 1:15 p.m.

Last Modified :

Nov. 21, 2024, 6:22 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Affected Products

The following products are affected by CVE-2021-3919 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Hp omen_gaming_hub
2 Hp command_center
3 Hp pavilion_gaming_tg01-2xxx
4 Hp envy_13t-bd100
5 Hp envy_13z-ay100
6 Hp envy_14-eb0xxx
7 Hp envy_14-eb1xxx
8 Hp envy_14t-eb100
9 Hp envy_15-ep0xxx
10 Hp envy_15-ep1xxx
11 Hp envy_15t-ep000
12 Hp envy_15t-ep100
13 Hp envy_15t-es000
14 Hp envy_15t-es100
15 Hp envy_15z-ee100
16 Hp envy_17-ch0xxx
17 Hp envy_17-ch1xxx
18 Hp envy_17m-ch0xxx
19 Hp envy_17m-ch1xxx
20 Hp envy_17t-ch000
21 Hp envy_17t-ch100
22 Hp envy_all-in-one_34-c0xxx
23 Hp envy_x360_13-ay1xxx
24 Hp envy_x360_13-bd1xxx
25 Hp envy_x360_13m-bd1xxx
26 Hp envy_x360_15-ee1xxx
27 Hp envy_x360_15-es0xxx
28 Hp envy_x360_15-es1xxx
29 Hp envy_x360_15-eu0xxx
30 Hp envy_x360_15m-es0xxx
31 Hp envy_x360_15m-eu0xxx
32 Hp omen_15-ce0xx
33 Hp omen_15-ce1xx
34 Hp omen_15-dc0xxx
35 Hp omen_15-dc1xxx
36 Hp omen_15-dc2xxx
37 Hp omen_15-dh0xxx
38 Hp omen_15-dh1xxx
39 Hp omen_15-ek0xxx
40 Hp omen_15-ek1xxx
41 Hp omen_15-en0xxx
42 Hp omen_15-en1xxx
43 Hp omen_15t-dc200
44 Hp omen_15t-dg000
45 Hp omen_15t-dh000
46 Hp omen_15t-dh100
47 Hp omen_15z-en000
48 Hp omen_17-an0xx
49 Hp omen_17-an1xx
50 Hp omen_17-cb0xxx
51 Hp omen_17-cb1xxx
52 Hp omen_17t-cb000
53 Hp omen_17t-cb100
54 Hp omen_2s_15-dg0xxx
55 Hp omen_desktop_25l_gt11-0xxx
56 Hp omen_desktop_25l_gt11-1xxx
57 Hp omen_desktop_25l_gt12-0xxx
58 Hp omen_desktop_25l_gt12-1xxx
59 Hp omen_desktop_30l_gt13-0xxx
60 Hp omen_desktop_30l_gt13-1xxx
61 Hp omen_desktop_40l_gt21-0xxx
62 Hp omen_desktop_873-0xxx
63 Hp omen_desktop_880-0xx
64 Hp omen_desktop_880-1xx
65 Hp omen_desktop_880-5xx
66 Hp omen_desktop_900-1xx
67 Hp omen_desktop_900-2xx
68 Hp omen_desktop_p1000-0xx
69 Hp omen_gaming_16-b0xxx
70 Hp omen_gaming_16-c0xxx
71 Hp omen_gaming_17-ck0xxx
72 Hp omen_gaming_desktop_45l_gt22-0xxx
73 Hp omen_obelisk_desktop_875-0xxx
74 Hp omen_obelisk_desktop_875-1xxx
75 Hp pavikion_16t-a000
76 Hp pavilion_15t-dk000
77 Hp pavilion_17t-cd000
78 Hp pavilion_gaming_15-dk0xxx
79 Hp pavilion_gaming_15-dk1xxx
80 Hp pavilion_gaming_15-dk2xxx
81 Hp pavilion_gaming_15-ec0xxx
82 Hp pavilion_gaming_15-ec1xxx
83 Hp pavilion_gaming_15-ec2xxx
84 Hp pavilion_gaming_16-a0xxx
85 Hp pavilion_gaming_17-cd0xxx
86 Hp pavilion_gaming_17-cd1xxx
87 Hp pavilion_gaming_17-cd2xxx
88 Hp pavilion_gaming_tg01-0xxx
89 Hp pavilion_gaming_tg01-1xxx
90 Hp spectre_13t-ak100
91 Hp spectre_13t-aw000
92 Hp spectre_13t-aw200
93 Hp spectre_14t-ea000
94 Hp spectre_15t-eb000
95 Hp spectre_15t-eb100
96 Hp spectre_folio_13-ak1xxx
97 Hp spectre_x360_13-aw0xxx
98 Hp spectre_x360_13-aw2xxx
99 Hp spectre_x360_14-ea0xxx
100 Hp spectre_x360_14-ea2xxx
101 Hp spectre_x360_15-eb0xxx
102 Hp spectre_x360_15-eb1xxx
103 Hp spectre_x360_16-f0xxx
104 Hp victus_gaming_16-d0xxx
105 Hp victus_gaming_16-e0xxx
106 Hp zhan_99_g2_mobile_workstation
: Total Affected Vendor : 1 | Products : 106
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-3919.

URL Resource
https://support.hp.com/us-en/document/ish_5481136-5481162-16/hpsbgn03761 Vendor Advisory
https://support.hp.com/us-en/document/ish_5481136-5481162-16/hpsbgn03761 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-3919 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-3919 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://support.hp.com/us-en/document/ish_5481136-5481162-16/hpsbgn03761
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Dec. 19, 2022

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://support.hp.com/us-en/document/ish_5481136-5481162-16/hpsbgn03761 No Types Assigned https://support.hp.com/us-en/document/ish_5481136-5481162-16/hpsbgn03761 Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration AND OR *cpe:2.3:a:hp:command_center:*:*:*:*:*:*:*:* versions up to (excluding) 1.10.30.0 *cpe:2.3:a:hp:omen_gaming_hub:*:*:*:*:*:*:*:* versions up to (excluding) 1101.2112.1.0 OR cpe:2.3:h:hp:envy_13t-bd100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_13z-ay100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_14-eb0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_14-eb1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_14t-eb100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_15-ep0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_15-ep1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_15t-ep000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_15t-ep100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_15t-es000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_15t-es100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_15z-ee100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_17-ch0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_17-ch1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_17m-ch0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_17m-ch1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_17t-ch000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_17t-ch100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_all-in-one_34-c0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_13-ay1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_13-bd1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_13m-bd1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_15-ee1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_15-es0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_15-es1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_15-eu0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_15m-es0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:envy_x360_15m-eu0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-ce0xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-ce1xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-dc0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-dc1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-dc2xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-dh0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-dh1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-ek0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-ek1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-en0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15-en1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15t-dc200:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15t-dg000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15t-dh000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15t-dh100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_15z-en000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_17-an0xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_17-an1xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_17-cb0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_17-cb1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_17t-cb000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_17t-cb100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_2s_15-dg0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_25l_gt11-0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_25l_gt11-1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_25l_gt12-0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_25l_gt12-1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_30l_gt13-0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_30l_gt13-1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_40l_gt21-0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_873-0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_880-0xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_880-1xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_880-5xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_900-1xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_900-2xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_desktop_p1000-0xx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_gaming_16-b0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_gaming_16-c0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_gaming_17-ck0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_gaming_desktop_45l_gt22-0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_obelisk_desktop_875-0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:omen_obelisk_desktop_875-1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavikion_16t-a000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_15t-dk000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_17t-cd000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_15-dk0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_15-dk1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_15-dk2xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_15-ec0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_15-ec1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_15-ec2xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_16-a0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_17-cd0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_17-cd1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_17-cd2xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_tg01-0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_tg01-1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:pavilion_gaming_tg01-2xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_13t-ak100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_13t-aw000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_13t-aw200:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_14t-ea000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_15t-eb000:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_15t-eb100:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_folio_13-ak1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_x360_13-aw0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_x360_13-aw2xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_x360_14-ea0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_x360_14-ea2xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_x360_15-eb0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_x360_15-eb1xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:spectre_x360_16-f0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:victus_gaming_16-d0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:victus_gaming_16-e0xxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:zhan_99_g2_mobile_workstation:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-3919 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-3919 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.18 }} 0.01%

score

0.54725

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: