CVE-2023-26299: HP AMI UEFI Firmware TOCTOU Vulnerability
CVSS Base Score: 7.0 HIGH
Description

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

INFO

Published Date: June 30, 2023, 4:15 p.m.
Last Modified: Nov. 21, 2024, 7:51 a.m.
Remotely Exploitable: No
Impact Score: 5.9
Exploitability Score: 1.0
Affected Products

The following products are affected by the CVE-2023-26299 vulnerability. Although cvefeed.io is aware of the exact affected versions of these products, that information is not represented in the table below (the affected firmware versions are listed in the CPE configurations of the vulnerability history further down).

ID Vendor Product
1 Hp 260_g4_desktop_mini_firmware
2 Hp t430_firmware
3 Hp t628_firmware
4 Hp 240_g10_firmware
5 Hp 245_g6_firmware
6 Hp 245_g7_firmware
7 Hp 245_g8_firmware
8 Hp 247_g8_firmware
9 Hp 250_g10_firmware
10 Hp 255_g10_firmware
11 Hp 349_g7_firmware
12 Hp 470_g10_firmware
13 Hp 470_g9_firmware
14 Hp zhan_99_g2_firmware
15 Hp zhan_99_g4_firmware
16 Hp vr_backpack_g2_firmware
17 Hp 200_g3_firmware
18 Hp 200_g4_22_all-in-one_firmware
19 Hp 200_pro_g4_22_all-in-one_firmware
20 Hp 205_g4_22_all-in-one_firmware
21 Hp 205_pro_g4_22_all-in-one_firmware
22 Hp 280_g3_firmware
23 Hp 280_g4_firmware
24 Hp 280_g4_microtower_firmware
25 Hp 280_g5_firmware
26 Hp 280_g5_small_form_factor_firmware
27 Hp 280_g6_firmware
28 Hp 280_g8_microtower_firmware
29 Hp 280_pro_g3_firmware
30 Hp 280_pro_g4_microtower_firmware
31 Hp 280_pro_g5_small_form_factor_firmware
32 Hp 282_g5_firmware
33 Hp 282_g6_firmware
34 Hp 282_pro_g4_microtower_firmware
35 Hp 288_g5_firmware
36 Hp 288_g6_firmware
37 Hp 288_pro_g4_microtower_firmware
38 Hp 290_g1_firmware
39 Hp 290_g2_firmware
40 Hp 290_g2_microtower_firmware
41 Hp 290_g3_firmware
42 Hp 290_g3_small_form_factor_firmware
43 Hp 290_g4_firmware
44 Hp desktop_pro_g1_microtower_firmware
45 Hp pro_small_form_factor_280_g9_desktop_firmware
46 Hp pro_small_form_factor_290_g9_desktop_firmware
47 Hp pro_small_form_factor_zhan_66_g9_desktop_firmware
48 Hp pro_tower_200_g9_desktop_firmware
49 Hp pro_tower_280_g9_desktop_firmware
50 Hp pro_tower_290_g9_desktop_firmware
51 Hp pro_tower_zhan_99_g9_desktop_firmware
52 Hp proone_240_g10_firmware
53 Hp proone_240_g9_firmware
54 Hp proone_440_g3_firmware
55 Hp proone_490_g3_firmware
56 Hp proone_496_g3_firmware
57 Hp z_vr_backpack_g1_workstation_firmware
58 Hp zhan_86_pro_g2_microtower_firmware
59 Hp zhan_99_pro_g1_microtower_firmware
60 Hp t430
61 Hp t628
62 Hp vr_backpack_g2
63 Hp 260_g4_desktop_mini
64 Hp 240_g10
65 Hp 245_g6
66 Hp 245_g7
67 Hp 245_g8
68 Hp 247_g8
69 Hp 250_g10
70 Hp 255_g10
71 Hp 349_g7
72 Hp 470_g10
73 Hp 470_g9
74 Hp zhan_99_g2
75 Hp zhan_99_g4
76 Hp 200_g3
77 Hp 200_g4_22_all-in-one
78 Hp 200_pro_g4_22_all-in-one
79 Hp 205_g4_22_all-in-one
80 Hp 205_pro_g4_22_all-in-one
81 Hp 280_g3
82 Hp 280_g4
83 Hp 280_g4_microtower
84 Hp 280_g5
85 Hp 280_g5_small_form_factor
86 Hp 280_g6
87 Hp 280_g8_microtower
88 Hp 280_pro_g3
89 Hp 280_pro_g4_microtower
90 Hp 280_pro_g5_small_form_factor
91 Hp 282_g5
92 Hp 282_g6
93 Hp 282_pro_g4_microtower
94 Hp 288_g5
95 Hp 288_g6
96 Hp 288_pro_g4_microtower
97 Hp 290_g1
98 Hp 290_g2
99 Hp 290_g2_microtower
100 Hp 290_g3
101 Hp 290_g3_small_form_factor
102 Hp 290_g4
103 Hp desktop_pro_g1_microtower
104 Hp pro_small_form_factor_280_g9_desktop
105 Hp pro_small_form_factor_290_g9_desktop
106 Hp pro_small_form_factor_zhan_66_g9_desktop
107 Hp pro_tower_200_g9_desktop
108 Hp pro_tower_280_g9_desktop
109 Hp pro_tower_290_g9_desktop
110 Hp pro_tower_zhan_99_g9_desktop
111 Hp proone_240_g10
112 Hp proone_240_g9
113 Hp proone_440_g3
114 Hp proone_490_g3
115 Hp proone_496_g3
116 Hp z_vr_backpack_g1_workstation
117 Hp zhan_86_pro_g2_microtower
118 Hp zhan_99_pro_g1_microtower
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-26299.

URL Resource
https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850 Patch Vendor Advisory

The following table lists the changes that have been made to the CVE-2023-26299 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jul. 10, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850 No Types Assigned https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850 Patch, Vendor Advisory
    Added CWE NIST CWE-367
    Added CPE Configuration AND OR *cpe:2.3:o:hp:260_g4_desktop_mini_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.14 OR cpe:2.3:h:hp:260_g4_desktop_mini:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:t430_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 00.01.11 OR cpe:2.3:h:hp:t430:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:t628_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 00.01.10 OR cpe:2.3:h:hp:t628:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:240_g10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.04 OR cpe:2.3:h:hp:240_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:245_g6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.35 OR cpe:2.3:h:hp:245_g6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:245_g7_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.69 OR cpe:2.3:h:hp:245_g7:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:245_g8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.25 OR cpe:2.3:h:hp:245_g8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:247_g8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.69 OR cpe:2.3:h:hp:247_g8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:250_g10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.05 OR cpe:2.3:h:hp:250_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:255_g10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.08 OR cpe:2.3:h:hp:255_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:349_g7_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.28 OR cpe:2.3:h:hp:349_g7:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:470_g10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.02 OR cpe:2.3:h:hp:470_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:470_g9_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.05 OR cpe:2.3:h:hp:470_g9:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:zhan_99_g2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.24 OR cpe:2.3:h:hp:zhan_99_g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:zhan_99_g4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.08 OR cpe:2.3:h:hp:zhan_99_g4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:vr_backpack_g2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.28 OR cpe:2.3:h:hp:vr_backpack_g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:200_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:200_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:200_g4_22_all-in-one_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:200_g4_22_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:200_pro_g4_22_all-in-one_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:200_pro_g4_22_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:205_g4_22_all-in-one_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:205_g4_22_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:205_pro_g4_22_all-in-one_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:205_pro_g4_22_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g4_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g4_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g4_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g5_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g5_small_form_factor_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g5_small_form_factor:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g6_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g8_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g8_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_pro_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_pro_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_pro_g4_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_pro_g4_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_pro_g5_small_form_factor_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_pro_g5_small_form_factor:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:282_g5_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:282_g5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:282_g6_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:282_g6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:282_pro_g4_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:282_pro_g4_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:288_g5_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:288_g5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:288_g6_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:288_g6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:288_pro_g4_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:288_pro_g4_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g1_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g2_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g2_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g3_small_form_factor_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g3_small_form_factor:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g4_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:desktop_pro_g1_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:desktop_pro_g1_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_small_form_factor_280_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_small_form_factor_280_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_small_form_factor_290_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_small_form_factor_290_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_small_form_factor_zhan_66_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_small_form_factor_zhan_66_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_tower_200_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_tower_200_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_tower_280_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_tower_280_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_tower_290_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_tower_290_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_tower_zhan_99_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_tower_zhan_99_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_240_g10_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_240_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_240_g9_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_240_g9:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_440_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_440_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_490_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_490_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_496_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_496_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:z_vr_backpack_g1_workstation_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:z_vr_backpack_g1_workstation:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:zhan_86_pro_g2_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:zhan_86_pro_g2_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:zhan_99_pro_g1_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:zhan_99_pro_g1_microtower:-:*:*:*:*:*:*:*
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-26299 is associated with the following CWE:

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-26299 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.04 (0.00%)

Percentile: 0.05701

CVSS 3.1 - Vulnerability Scoring System

Vector (NIST): AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 7.0, HIGH)

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High