CVE-2023-26299: HP AMI UEFI Firmware TOCTOU Vulnerability
CVSS 3.1 Base Score: 7.0 (HIGH)
Description

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

INFO

Published Date: June 30, 2023, 4:15 p.m.
Last Modified: July 10, 2023, 6:53 p.m.
Remotely Exploitable: No
Impact Score: 5.9
Exploitability Score: 1.0
Affected Products

The following products are affected by CVE-2023-26299. Although cvefeed.io is aware of the exact affected versions of these products, that version information is not shown in the table below.

ID Vendor Product
1 Hp 260_g4_desktop_mini_firmware
2 Hp t430_firmware
3 Hp t628_firmware
4 Hp 240_g10_firmware
5 Hp 245_g6_firmware
6 Hp 245_g7_firmware
7 Hp 245_g8_firmware
8 Hp 247_g8_firmware
9 Hp 250_g10_firmware
10 Hp 255_g10_firmware
11 Hp 349_g7_firmware
12 Hp 470_g10_firmware
13 Hp 470_g9_firmware
14 Hp zhan_99_g2_firmware
15 Hp zhan_99_g4_firmware
16 Hp vr_backpack_g2_firmware
17 Hp 200_g3_firmware
18 Hp 200_g4_22_all-in-one_firmware
19 Hp 200_pro_g4_22_all-in-one_firmware
20 Hp 205_g4_22_all-in-one_firmware
21 Hp 205_pro_g4_22_all-in-one_firmware
22 Hp 280_g3_firmware
23 Hp 280_g4_firmware
24 Hp 280_g4_microtower_firmware
25 Hp 280_g5_firmware
26 Hp 280_g5_small_form_factor_firmware
27 Hp 280_g6_firmware
28 Hp 280_g8_microtower_firmware
29 Hp 280_pro_g3_firmware
30 Hp 280_pro_g4_microtower_firmware
31 Hp 280_pro_g5_small_form_factor_firmware
32 Hp 282_g5_firmware
33 Hp 282_g6_firmware
34 Hp 282_pro_g4_microtower_firmware
35 Hp 288_g5_firmware
36 Hp 288_g6_firmware
37 Hp 288_pro_g4_microtower_firmware
38 Hp 290_g1_firmware
39 Hp 290_g2_firmware
40 Hp 290_g2_microtower_firmware
41 Hp 290_g3_firmware
42 Hp 290_g3_small_form_factor_firmware
43 Hp 290_g4_firmware
44 Hp desktop_pro_g1_microtower_firmware
45 Hp pro_small_form_factor_280_g9_desktop_firmware
46 Hp pro_small_form_factor_290_g9_desktop_firmware
47 Hp pro_small_form_factor_zhan_66_g9_desktop_firmware
48 Hp pro_tower_200_g9_desktop_firmware
49 Hp pro_tower_280_g9_desktop_firmware
50 Hp pro_tower_290_g9_desktop_firmware
51 Hp pro_tower_zhan_99_g9_desktop_firmware
52 Hp proone_240_g10_firmware
53 Hp proone_240_g9_firmware
54 Hp proone_440_g3_firmware
55 Hp proone_490_g3_firmware
56 Hp proone_496_g3_firmware
57 Hp z_vr_backpack_g1_workstation_firmware
58 Hp zhan_86_pro_g2_microtower_firmware
59 Hp zhan_99_pro_g1_microtower_firmware
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-26299.

URL Resource
https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850 Patch Vendor Advisory

The following table lists the changes that have been made to the CVE-2023-26299 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

  • Initial Analysis by [email protected]

    Jul. 10, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850 No Types Assigned https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850 Patch, Vendor Advisory
    Added CWE NIST CWE-367
    Added CPE Configuration AND OR *cpe:2.3:o:hp:260_g4_desktop_mini_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 2.14 OR cpe:2.3:h:hp:260_g4_desktop_mini:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:t430_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 00.01.11 OR cpe:2.3:h:hp:t430:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:t628_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 00.01.10 OR cpe:2.3:h:hp:t628:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:240_g10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.04 OR cpe:2.3:h:hp:240_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:245_g6_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.35 OR cpe:2.3:h:hp:245_g6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:245_g7_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.69 OR cpe:2.3:h:hp:245_g7:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:245_g8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.25 OR cpe:2.3:h:hp:245_g8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:247_g8_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.69 OR cpe:2.3:h:hp:247_g8:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:250_g10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.05 OR cpe:2.3:h:hp:250_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:255_g10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.08 OR cpe:2.3:h:hp:255_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:349_g7_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.28 OR cpe:2.3:h:hp:349_g7:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:470_g10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.02 OR cpe:2.3:h:hp:470_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:470_g9_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.05 OR cpe:2.3:h:hp:470_g9:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:zhan_99_g2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.24 OR cpe:2.3:h:hp:zhan_99_g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:zhan_99_g4_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.08 OR cpe:2.3:h:hp:zhan_99_g4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:vr_backpack_g2_firmware:*:*:*:*:*:*:*:* versions up to (excluding) f.28 OR cpe:2.3:h:hp:vr_backpack_g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:200_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:200_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:200_g4_22_all-in-one_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:200_g4_22_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:200_pro_g4_22_all-in-one_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:200_pro_g4_22_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:205_g4_22_all-in-one_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:205_g4_22_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:205_pro_g4_22_all-in-one_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:205_pro_g4_22_all-in-one:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g4_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g4_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g4_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g5_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g5_small_form_factor_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g5_small_form_factor:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g6_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_g8_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_g8_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_pro_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_pro_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_pro_g4_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_pro_g4_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:280_pro_g5_small_form_factor_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:280_pro_g5_small_form_factor:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:282_g5_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:282_g5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:282_g6_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:282_g6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:282_pro_g4_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:282_pro_g4_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:288_g5_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:288_g5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:288_g6_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:288_g6:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:288_pro_g4_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:288_pro_g4_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g1_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g2_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g2_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g3_small_form_factor_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g3_small_form_factor:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:290_g4_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:290_g4:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:desktop_pro_g1_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:desktop_pro_g1_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_small_form_factor_280_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_small_form_factor_280_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_small_form_factor_290_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_small_form_factor_290_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_small_form_factor_zhan_66_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_small_form_factor_zhan_66_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_tower_200_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_tower_200_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_tower_280_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_tower_280_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_tower_290_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_tower_290_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:pro_tower_zhan_99_g9_desktop_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:pro_tower_zhan_99_g9_desktop:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_240_g10_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_240_g10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_240_g9_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_240_g9:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_440_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_440_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_490_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_490_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:proone_496_g3_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:proone_496_g3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:z_vr_backpack_g1_workstation_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:z_vr_backpack_g1_workstation:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:zhan_86_pro_g2_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:zhan_86_pro_g2_microtower:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:hp:zhan_99_pro_g1_microtower_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:hp:zhan_99_pro_g1_microtower:-:*:*:*:*:*:*:*
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-26299 is associated with the following CWE:

CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-26299 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.04

Percentile: 0.05701

CVSS31 - Vulnerability Scoring System

Vector (NIST): AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High