CVE-2021-3439

Q: What is the severity of CVE-2021-3439?

CVE-2021-3439 has a CVSS score of 7.8 (HIGH). This CVE describes a BIOS firmware vulnerability in certain HP Workstation products that could allow local attackers to execute arbitrary code with elevated privileges. The vulnerability affects physical access scenarios where an attacker can interact with the system firmware. HP has released firmware updates to address this potential security issue.

7.8 HIGH

📋 TL;DR

This CVE describes a BIOS firmware vulnerability in certain HP Workstation products that could allow local attackers to execute arbitrary code with elevated privileges. The vulnerability affects physical access scenarios where an attacker can interact with the system firmware. HP has released firmware updates to address this potential security issue.

💻 Affected Systems

Products:

HP Z2 Small Form Factor G4 Workstation
HP Z2 Tower G4 Workstation
HP Z4 G4 Workstation

Versions: BIOS versions prior to 02.05.05 Rev.A

Operating Systems: All operating systems running on affected hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects specific HP Workstation models with vulnerable BIOS firmware versions. Requires physical access or local administrative privileges.

📦 What is this software?

Eliteone 800 G3 23.8 Non Touch Healthcare Edition All In One Business Pc Firmware by Hp

View all CVEs affecting Eliteone 800 G3 23.8 Non Touch Healthcare Edition All In One Business Pc Firmware →

Eliteone 800 G4 23.8 In Healthcare Edition All In One Business Pc Firmware by Hp

View all CVEs affecting Eliteone 800 G4 23.8 In Healthcare Edition All In One Business Pc Firmware →

Eliteone 800 G4 23.8 Inch Non Touch All In One Pc Firmware by Hp

View all CVEs affecting Eliteone 800 G4 23.8 Inch Non Touch All In One Pc Firmware →

Eliteone 800 G4 23.8 Inch Non Touch Gpu All In One Pc Firmware by Hp

View all CVEs affecting Eliteone 800 G4 23.8 Inch Non Touch Gpu All In One Pc Firmware →

Eliteone 800 G4 23.8 Inch Touch All In One Pc Firmware by Hp

View all CVEs affecting Eliteone 800 G4 23.8 Inch Touch All In One Pc Firmware →

Eliteone 800 G4 23.8 Inch Touch Gpu All In One Pc Firmware by Hp

View all CVEs affecting Eliteone 800 G4 23.8 Inch Touch Gpu All In One Pc Firmware →

Eliteone 800 G5 23.8 In Healthcare Edition All In One Firmware by Hp

View all CVEs affecting Eliteone 800 G5 23.8 In Healthcare Edition All In One Firmware →

Eliteone 800 G5 23.8 Inch All In One Firmware by Hp

View all CVEs affecting Eliteone 800 G5 23.8 Inch All In One Firmware →

Eliteone 800 G6 24 All In One Pc Firmware by Hp

View all CVEs affecting Eliteone 800 G6 24 All In One Pc Firmware →

Eliteone 800 G6 27 All In One Pc Firmware by Hp

View all CVEs affecting Eliteone 800 G6 27 All In One Pc Firmware →

Engage Flex Pro C Retail System Firmware by Hp

View all CVEs affecting Engage Flex Pro C Retail System Firmware →

Engage Flex Pro Retail System Firmware by Hp

View all CVEs affecting Engage Flex Pro Retail System Firmware →

Engage Gomobile System Firmware by Hp

View all CVEs affecting Engage Gomobile System Firmware →

Engage One All In One System Firmware by Hp

View all CVEs affecting Engage One All In One System Firmware →

Engage One Pro Aio System Firmware by Hp

View all CVEs affecting Engage One Pro Aio System Firmware →

Mp9 G2 Retail System Firmware by Hp

View all CVEs affecting Mp9 G2 Retail System Firmware →

Mp9 G4 Retail System Firmware by Hp

View all CVEs affecting Mp9 G4 Retail System Firmware →

Mt20 Thin Client Firmware by Hp

View all CVEs affecting Mt20 Thin Client Firmware →

Mt21 Thin Client Firmware by Hp

View all CVEs affecting Mt21 Thin Client Firmware →

Mt22 Thin Client Firmware by Hp

View all CVEs affecting Mt22 Thin Client Firmware →

Mt31 Thin Client Firmware by Hp

View all CVEs affecting Mt31 Thin Client Firmware →

Pro X2 612 G2 Firmware by Hp

View all CVEs affecting Pro X2 612 G2 Firmware →

Probook 11 G2 Education Edition Firmware by Hp

View all CVEs affecting Probook 11 G2 Education Edition Firmware →

Probook 430 G3 Firmware by Hp

View all CVEs affecting Probook 430 G3 Firmware →

Probook 430 G4 Firmware by Hp

View all CVEs affecting Probook 430 G4 Firmware →

Probook 430 G5 Firmware by Hp

View all CVEs affecting Probook 430 G5 Firmware →

Probook 430 G6 Firmware by Hp

View all CVEs affecting Probook 430 G6 Firmware →

Probook 430 G7 Firmware by Hp

View all CVEs affecting Probook 430 G7 Firmware →

Probook 430 G8 Firmware by Hp

View all CVEs affecting Probook 430 G8 Firmware →

Probook 440 G3 Firmware by Hp

View all CVEs affecting Probook 440 G3 Firmware →

Probook 440 G4 Firmware by Hp

View all CVEs affecting Probook 440 G4 Firmware →

Probook 440 G5 Firmware by Hp

View all CVEs affecting Probook 440 G5 Firmware →

Probook 440 G6 Firmware by Hp

View all CVEs affecting Probook 440 G6 Firmware →

Probook 440 G7 Firmware by Hp

View all CVEs affecting Probook 440 G7 Firmware →

Probook 440 G8 Firmware by Hp

View all CVEs affecting Probook 440 G8 Firmware →

Probook 446 G3 Firmware by Hp

View all CVEs affecting Probook 446 G3 Firmware →

Probook 450 G3 Firmware by Hp

View all CVEs affecting Probook 450 G3 Firmware →

Probook 450 G4 Firmware by Hp

View all CVEs affecting Probook 450 G4 Firmware →

Probook 450 G5 Firmware by Hp

View all CVEs affecting Probook 450 G5 Firmware →

Probook 450 G6 Firmware by Hp

View all CVEs affecting Probook 450 G6 Firmware →

Probook 450 G7 Firmware by Hp

View all CVEs affecting Probook 450 G7 Firmware →

Probook 450 G8 Firmware by Hp

View all CVEs affecting Probook 450 G8 Firmware →

Probook 470 G3 Firmware by Hp

View all CVEs affecting Probook 470 G3 Firmware →

Probook 470 G4 Firmware by Hp

View all CVEs affecting Probook 470 G4 Firmware →

Probook 470 G5 Firmware by Hp

View all CVEs affecting Probook 470 G5 Firmware →

Probook 630 G8 Firmware by Hp

View all CVEs affecting Probook 630 G8 Firmware →

Probook 640 G2 Firmware by Hp

View all CVEs affecting Probook 640 G2 Firmware →

Probook 640 G3 Firmware by Hp

View all CVEs affecting Probook 640 G3 Firmware →

Probook 640 G4 Firmware by Hp

View all CVEs affecting Probook 640 G4 Firmware →

Probook 640 G5 Firmware by Hp

View all CVEs affecting Probook 640 G5 Firmware →

Probook 640 G7 Firmware by Hp

View all CVEs affecting Probook 640 G7 Firmware →

Probook 640 G8 Firmware by Hp

View all CVEs affecting Probook 640 G8 Firmware →

Probook 650 G2 Firmware by Hp

View all CVEs affecting Probook 650 G2 Firmware →

Probook 650 G3 Firmware by Hp

View all CVEs affecting Probook 650 G3 Firmware →

Probook 650 G4 Firmware by Hp

View all CVEs affecting Probook 650 G4 Firmware →

Probook 650 G5 Firmware by Hp

View all CVEs affecting Probook 650 G5 Firmware →

Probook 650 G7 Firmware by Hp

View all CVEs affecting Probook 650 G7 Firmware →

Probook 650 G8 Firmware by Hp

View all CVEs affecting Probook 650 G8 Firmware →

Probook X360 11 G2 Education Edition Firmware by Hp

View all CVEs affecting Probook X360 11 G2 Education Edition Firmware →

Probook X360 11 G3 Education Edition Firmware by Hp

View all CVEs affecting Probook X360 11 G3 Education Edition Firmware →

Probook X360 11 G4 Education Edition Firmware by Hp

View all CVEs affecting Probook X360 11 G4 Education Edition Firmware →

Probook X360 11 G5 Education Edition Firmware by Hp

View all CVEs affecting Probook X360 11 G5 Education Edition Firmware →

Probook X360 11 G6 Education Edition Firmware by Hp

View all CVEs affecting Probook X360 11 G6 Education Edition Firmware →

Probook X360 440 G1 Firmware by Hp

View all CVEs affecting Probook X360 440 G1 Firmware →

Prodesk 400 G2 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G2 Desktop Mini Pc Firmware →

Prodesk 400 G3 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G3 Desktop Mini Pc Firmware →

Prodesk 400 G4 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G4 Desktop Mini Pc Firmware →

Prodesk 400 G4 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G4 Microtower Pc Firmware →

Prodesk 400 G4 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G4 Small Form Factor Pc Firmware →

Prodesk 400 G5 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G5 Desktop Mini Pc Firmware →

Prodesk 400 G5 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G5 Microtower Pc Firmware →

Prodesk 400 G5 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G5 Small Form Factor Pc Firmware →

Prodesk 400 G6 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G6 Desktop Mini Pc Firmware →

Prodesk 400 G6 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G6 Microtower Pc Firmware →

Prodesk 400 G6 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G6 Small Form Factor Pc Firmware →

Prodesk 400 G7 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G7 Microtower Pc Firmware →

Prodesk 400 G7 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 400 G7 Small Form Factor Pc Firmware →

Prodesk 480 G4 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 480 G4 Microtower Pc Firmware →

Prodesk 480 G5 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 480 G5 Microtower Pc Firmware →

Prodesk 480 G6 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 480 G6 Microtower Pc Firmware →

Prodesk 480 G7 Pci Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 480 G7 Pci Microtower Pc Firmware →

Prodesk 600 G2 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G2 Desktop Mini Pc Firmware →

Prodesk 600 G2 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G2 Microtower Pc Firmware →

Prodesk 600 G2 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G2 Small Form Factor Pc Firmware →

Prodesk 600 G3 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G3 Desktop Mini Pc Firmware →

Prodesk 600 G3 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G3 Microtower Pc Firmware →

Prodesk 600 G3 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G3 Small Form Factor Pc Firmware →

Prodesk 600 G4 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G4 Desktop Mini Pc Firmware →

Prodesk 600 G4 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G4 Microtower Pc Firmware →

Prodesk 600 G4 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G4 Small Form Factor Pc Firmware →

Prodesk 600 G5 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G5 Desktop Mini Pc Firmware →

Prodesk 600 G5 Microtower Pc \(with Pci Slot\) Firmware by Hp

View all CVEs affecting Prodesk 600 G5 Microtower Pc \(with Pci Slot\) Firmware →

Prodesk 600 G5 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G5 Microtower Pc Firmware →

Prodesk 600 G5 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G5 Small Form Factor Pc Firmware →

Prodesk 600 G6 Desktop Mini Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G6 Desktop Mini Pc Firmware →

Prodesk 600 G6 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G6 Microtower Pc Firmware →

Prodesk 600 G6 Pci Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G6 Pci Microtower Pc Firmware →

Prodesk 600 G6 Small Form Factor Pc Firmware by Hp

View all CVEs affecting Prodesk 600 G6 Small Form Factor Pc Firmware →

Prodesk 680 G2 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 680 G2 Microtower Pc Firmware →

Prodesk 680 G3 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 680 G3 Microtower Pc Firmware →

Prodesk 680 G4 Microtower Pc \(with Pci Slot\) Firmware by Hp

View all CVEs affecting Prodesk 680 G4 Microtower Pc \(with Pci Slot\) Firmware →

Prodesk 680 G4 Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 680 G4 Microtower Pc Firmware →

Prodesk 680 G6 Pci Microtower Pc Firmware by Hp

View all CVEs affecting Prodesk 680 G6 Pci Microtower Pc Firmware →

Proone 400 G2 20 Inch Non Touch All In One Pc Firmware by Hp

View all CVEs affecting Proone 400 G2 20 Inch Non Touch All In One Pc Firmware →

Proone 400 G2 20 Inch Touch All In One Pc Firmware by Hp

View all CVEs affecting Proone 400 G2 20 Inch Touch All In One Pc Firmware →

Proone 400 G3 20 Inch Non Touch All In One Pc Firmware by Hp

View all CVEs affecting Proone 400 G3 20 Inch Non Touch All In One Pc Firmware →

Proone 400 G3 20 Inch Touch All In One Pc Firmware by Hp

View all CVEs affecting Proone 400 G3 20 Inch Touch All In One Pc Firmware →

Proone 400 G4 20 Inch Non Touch All In One Business Pc Firmware by Hp

View all CVEs affecting Proone 400 G4 20 Inch Non Touch All In One Business Pc Firmware →

Proone 400 G4 23.8 Inch Non Touch All In One Business Pc Firmware by Hp

View all CVEs affecting Proone 400 G4 23.8 Inch Non Touch All In One Business Pc Firmware →

Proone 400 G5 20 Inch All In One Business Pc Firmware by Hp

View all CVEs affecting Proone 400 G5 20 Inch All In One Business Pc Firmware →

Proone 400 G5 23.8 Inch All In One Business Pc Firmware by Hp

View all CVEs affecting Proone 400 G5 23.8 Inch All In One Business Pc Firmware →

Proone 400 G6 20 All In One Pc Firmware by Hp

View all CVEs affecting Proone 400 G6 20 All In One Pc Firmware →

Proone 400 G6 24 All In One Pc Firmware by Hp

View all CVEs affecting Proone 400 G6 24 All In One Pc Firmware →

Proone 440 G3 \(rom Family Ssid 81b7\) Firmware by Hp

View all CVEs affecting Proone 440 G3 \(rom Family Ssid 81b7\) Firmware →

Proone 440 G3 \(rom Family Ssid 82dc\) Firmware by Hp

View all CVEs affecting Proone 440 G3 \(rom Family Ssid 82dc\) Firmware →

Proone 440 G4 23.8 Inch Non Touch All In One Business Pc Firmware by Hp

View all CVEs affecting Proone 440 G4 23.8 Inch Non Touch All In One Business Pc Firmware →

Proone 440 G5 23.8 In All In One Business Pc Firmware by Hp

View all CVEs affecting Proone 440 G5 23.8 In All In One Business Pc Firmware →

Proone 440 G6 24 All In One Pc Firmware by Hp

View all CVEs affecting Proone 440 G6 24 All In One Pc Firmware →

Proone 480 G3 20 Inch Non Touch All In One Pc Firmware by Hp

View all CVEs affecting Proone 480 G3 20 Inch Non Touch All In One Pc Firmware →

Proone 490 G3 \(rom Family Ssid 81b7\) Firmware by Hp

View all CVEs affecting Proone 490 G3 \(rom Family Ssid 81b7\) Firmware →

Proone 490 G3 \(rom Family Ssid 82dc\) Firmware by Hp

View all CVEs affecting Proone 490 G3 \(rom Family Ssid 82dc\) Firmware →

Proone 600 G2 21.5 Inch Non Touch All In One Pc Firmware by Hp

View all CVEs affecting Proone 600 G2 21.5 Inch Non Touch All In One Pc Firmware →

Proone 600 G2 21.5 Inch Touch All In One Pc Firmware by Hp

View all CVEs affecting Proone 600 G2 21.5 Inch Touch All In One Pc Firmware →

Proone 600 G3 21.5 Inch Non Touch All In One Pc Firmware by Hp

View all CVEs affecting Proone 600 G3 21.5 Inch Non Touch All In One Pc Firmware →

Proone 600 G4 21.5 Inch Touch All In One Business Pc Firmware by Hp

View all CVEs affecting Proone 600 G4 21.5 Inch Touch All In One Business Pc Firmware →

Proone 600 G5 21.5 In All In One Business Pc Firmware by Hp

View all CVEs affecting Proone 600 G5 21.5 In All In One Business Pc Firmware →

Proone 600 G6 22 All In One Pc Firmware by Hp

View all CVEs affecting Proone 600 G6 22 All In One Pc Firmware →

Rp9 G1 Retail System Firmware by Hp

View all CVEs affecting Rp9 G1 Retail System Firmware →

Spectre Pro 13 G1 Firmware by Hp

View all CVEs affecting Spectre Pro 13 G1 Firmware →

Spectre Pro X360 G2 Firmware by Hp

View all CVEs affecting Spectre Pro X360 G2 Firmware →

Sprout Pro By G2 Firmware by Hp

View all CVEs affecting Sprout Pro By G2 Firmware →

Stream 11 Pro G4 Firmware by Hp

View all CVEs affecting Stream 11 Pro G4 Firmware →

Stream 11 Pro G5 Firmware by Hp

View all CVEs affecting Stream 11 Pro G5 Firmware →

T430 Thin Client Firmware by Hp

View all CVEs affecting T430 Thin Client Firmware →

T638 Thin Client Firmware by Hp

View all CVEs affecting T638 Thin Client Firmware →

Z Vr Backpack G1 Firmware by Hp

View all CVEs affecting Z Vr Backpack G1 Firmware →

Z1 All In One G3 Firmware by Hp

View all CVEs affecting Z1 All In One G3 Firmware →

Z1 Entry Tower G5 Firmware by Hp

View all CVEs affecting Z1 Entry Tower G5 Firmware →

Z1 Entry Tower G6 Firmware by Hp

View all CVEs affecting Z1 Entry Tower G6 Firmware →

Z2 Mini G3 Firmware by Hp

View all CVEs affecting Z2 Mini G3 Firmware →

Z2 Mini G4 Firmware by Hp

View all CVEs affecting Z2 Mini G4 Firmware →

Z2 Mini G5 Firmware by Hp

View all CVEs affecting Z2 Mini G5 Firmware →

Z2 Small Form Factor G4 Firmware by Hp

View all CVEs affecting Z2 Small Form Factor G4 Firmware →

Z2 Small Form Factor G5 Firmware by Hp

View all CVEs affecting Z2 Small Form Factor G5 Firmware →

Z2 Tower G4 Firmware by Hp

View all CVEs affecting Z2 Tower G4 Firmware →

Z2 Tower G5 Firmware by Hp

View all CVEs affecting Z2 Tower G5 Firmware →

Z238 Microtower Firmware by Hp

View all CVEs affecting Z238 Microtower Firmware →

Z240 Small Form Factor Firmware by Hp

View all CVEs affecting Z240 Small Form Factor Firmware →

Z240 Tower Firmware by Hp

View all CVEs affecting Z240 Tower Firmware →

Z4 G4 Workstation \(core X\) Firmware by Hp

View all CVEs affecting Z4 G4 Workstation \(core X\) Firmware →

Z4 G4 Workstation \(xeon W\) Firmware by Hp

View all CVEs affecting Z4 G4 Workstation \(xeon W\) Firmware →

Z440 Workstation Firmware by Hp

View all CVEs affecting Z440 Workstation Firmware →

Z6 G4 Workstation Firmware by Hp

View all CVEs affecting Z6 G4 Workstation Firmware →

Z640 Workstation Firmware by Hp

View all CVEs affecting Z640 Workstation Firmware →

Z8 G4 Workstation Firmware by Hp

View all CVEs affecting Z8 G4 Workstation Firmware →

Z840 Workstation Firmware by Hp

View all CVEs affecting Z840 Workstation Firmware →

Zbook 14u G4 Firmware by Hp

View all CVEs affecting Zbook 14u G4 Firmware →

Zbook 14u G5 Firmware by Hp

View all CVEs affecting Zbook 14u G5 Firmware →

Zbook 14u G6 Firmware by Hp

View all CVEs affecting Zbook 14u G6 Firmware →

Zbook 15 G3 Firmware by Hp

View all CVEs affecting Zbook 15 G3 Firmware →

Zbook 15 G4 Firmware by Hp

View all CVEs affecting Zbook 15 G4 Firmware →

Zbook 15 G5 Firmware by Hp

View all CVEs affecting Zbook 15 G5 Firmware →

Zbook 15 G6 Firmware by Hp

View all CVEs affecting Zbook 15 G6 Firmware →

Zbook 15u G3 Firmware by Hp

View all CVEs affecting Zbook 15u G3 Firmware →

Zbook 15u G4 Firmware by Hp

View all CVEs affecting Zbook 15u G4 Firmware →

Zbook 15u G5 Firmware by Hp

View all CVEs affecting Zbook 15u G5 Firmware →

Zbook 15u G6 Firmware by Hp

View all CVEs affecting Zbook 15u G6 Firmware →

Zbook 15v G5 Mobile Workstation Firmware by Hp

View all CVEs affecting Zbook 15v G5 Mobile Workstation Firmware →

Zbook 17 G3 Firmware by Hp

View all CVEs affecting Zbook 17 G3 Firmware →

Zbook 17 G4 Firmware by Hp

View all CVEs affecting Zbook 17 G4 Firmware →

Zbook 17 G5 Firmware by Hp

View all CVEs affecting Zbook 17 G5 Firmware →

Zbook 17 G6 Firmware by Hp

View all CVEs affecting Zbook 17 G6 Firmware →

Zbook Create G7 Firmware by Hp

View all CVEs affecting Zbook Create G7 Firmware →

Zbook Firefly 14 G7 Firmware by Hp

View all CVEs affecting Zbook Firefly 14 G7 Firmware →

Zbook Firefly 15 G7 Firmware by Hp

View all CVEs affecting Zbook Firefly 15 G7 Firmware →

Zbook Fury 15 G7 Firmware by Hp

View all CVEs affecting Zbook Fury 15 G7 Firmware →

Zbook Fury 17 G7 Firmware by Hp

View all CVEs affecting Zbook Fury 17 G7 Firmware →

Zbook Power G7 Firmware by Hp

View all CVEs affecting Zbook Power G7 Firmware →

Zbook Studio G4 Firmware by Hp

View all CVEs affecting Zbook Studio G4 Firmware →

Zbook Studio G5 Firmware by Hp

View all CVEs affecting Zbook Studio G5 Firmware →

Zbook Studio G7 Firmware by Hp

View all CVEs affecting Zbook Studio G7 Firmware →

Zbook Studio X360 G5 Firmware by Hp

View all CVEs affecting Zbook Studio X360 G5 Firmware →

Zbook X2 G4 Firmware by Hp

View all CVEs affecting Zbook X2 G4 Firmware →

Zcentral 4r Firmware by Hp

View all CVEs affecting Zcentral 4r Firmware →

Zhan 66 Pro 13 G2 Firmware by Hp

View all CVEs affecting Zhan 66 Pro 13 G2 Firmware →

Zhan 66 Pro 14 G2 Firmware by Hp

View all CVEs affecting Zhan 66 Pro 14 G2 Firmware →

Zhan 66 Pro 14 G3 Firmware by Hp

View all CVEs affecting Zhan 66 Pro 14 G3 Firmware →

Zhan 66 Pro 14 G4 Firmware by Hp

View all CVEs affecting Zhan 66 Pro 14 G4 Firmware →

Zhan 66 Pro 15 G2 Firmware by Hp

View all CVEs affecting Zhan 66 Pro 15 G2 Firmware →

Zhan 66 Pro 15 G3 Firmware by Hp

View all CVEs affecting Zhan 66 Pro 15 G3 Firmware →

Zhan 66 Pro G1 Firmware by Hp

View all CVEs affecting Zhan 66 Pro G1 Firmware →

Zhan 66 Pro G1 Microtower Pc Firmware by Hp

View all CVEs affecting Zhan 66 Pro G1 Microtower Pc Firmware →

Zhan 66 Pro G1 R Microtower Pc Firmware by Hp

View all CVEs affecting Zhan 66 Pro G1 R Microtower Pc Firmware →

Zhan 66 Pro G3 22 All In One Pc Firmware by Hp

View all CVEs affecting Zhan 66 Pro G3 22 All In One Pc Firmware →

Zhan 66 Pro G3 24 All In One Pc Firmware by Hp

View all CVEs affecting Zhan 66 Pro G3 24 All In One Pc Firmware →

Zhan 86 Pro G1 Microtower Pc Firmware by Hp

View all CVEs affecting Zhan 86 Pro G1 Microtower Pc Firmware →

Zhan 86 Pro G2 Microtower \(rom Family Ssid 843c\) Firmware by Hp

View all CVEs affecting Zhan 86 Pro G2 Microtower \(rom Family Ssid 843c\) Firmware →

Zhan 99 Pro G1 Microtower \(rom Family Ssid 843c\) Firmware by Hp

View all CVEs affecting Zhan 99 Pro G1 Microtower \(rom Family Ssid 843c\) Firmware →

Zhan X 13 G2 Firmware by Hp

View all CVEs affecting Zhan X 13 G2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with physical access could gain persistent control over the system by flashing malicious firmware, potentially creating an undetectable backdoor that survives OS reinstallation.

🟠

Likely Case

Local attacker with physical access could bypass security controls, install malware, or extract sensitive data from the system.

🟢

If Mitigated

With proper physical security controls and updated firmware, the risk is significantly reduced to authorized firmware updates only.

🌐 Internet-Facing: LOW - This requires physical access or local administrative access to exploit.

🏢 Internal Only: MEDIUM - Internal attackers with physical access or local admin privileges could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires physical access or local administrative privileges. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS version 02.05.05 Rev.A or later

Vendor Advisory: https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735

Restart Required: Yes

Instructions:

1. Download the BIOS update from HP Support website. 2. Run the BIOS update utility. 3. Follow on-screen instructions to complete the update. 4. System will restart automatically to apply the firmware update.

🔧 Temporary Workarounds

Physical Security Controls

all

Implement strict physical access controls to prevent unauthorized access to workstations.

BIOS Password Protection

all

Enable BIOS/UEFI password protection to restrict firmware modification.

🧯 If You Can't Patch

Implement strict physical security controls and limit physical access to affected systems
Enable BIOS password protection and secure boot features to restrict firmware modifications

🔍 How to Verify

Check if Vulnerable:

Check BIOS version in system information (F10 during boot) or using HP BIOS Configuration Utility. Compare against vulnerable versions.

Check Version:

Windows: wmic bios get smbiosbiosversion
Linux: sudo dmidecode -s bios-version

Verify Fix Applied:

Verify BIOS version is 02.05.05 Rev.A or later in system BIOS settings.

📡 Detection & Monitoring

Log Indicators:

BIOS/UEFI firmware modification events
Unauthorized physical access attempts
Failed BIOS password attempts

Network Indicators:

Unusual firmware update traffic from unauthorized sources

SIEM Query:

EventID=12 OR EventID=13 (System events for firmware changes) OR Physical security access logs showing unauthorized entry

📊 Metadata

CVE ID: CVE-2021-3439

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: February 1, 2023

Last Updated: March 27, 2025

🔗 References

https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735 Patch,Vendor Advisory
https://support.hp.com/us-en/document/ish_3982318-3982351-16/hpsbhf03735 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

200 G3 All In One \(rom Family Ssid 8431\) Firmware by Hp

200 G3 All In One \(rom Family Ssid 84de\) Firmware by Hp

200 G4 22 All In One Pc \(rom Family Ssid 86f0\) Firmware by Hp

200 G4 22 All In One Pc \(rom Family Ssid 86f8\) Firmware by Hp

200 Pro G4 22 All In One Pc \(rom Family Ssid 86f0\) Firmware by Hp

200 Pro G4 22 All In One Pc \(rom Family Ssid 86f8\) Firmware by Hp

205 G4 22 All In One Pc \(rom Family Ssid 86f0\) Firmware by Hp

205 G4 22 All In One Pc \(rom Family Ssid 86f8\) Firmware by Hp

205 Pro G4 22 All In One Pc \(rom Family Ssid 86f0\) Firmware by Hp

205 Pro G4 22 All In One Pc \(rom Family Ssid 86f8\) Firmware by Hp

218 Pro G5 Microtower Pc Firmware by Hp

240 G4 Firmware by Hp

240 G5 Firmware by Hp

240 G6 Firmware by Hp

240 G7 Firmware by Hp

246 G4 Firmware by Hp

246 G5 Firmware by Hp

246 G6 Firmware by Hp

246 G7 Firmware by Hp

250 G4 Firmware by Hp

250 G5 Firmware by Hp

250 G6 Firmware by Hp

250 G7 Firmware by Hp

256 G4 Firmware by Hp

256 G5 Firmware by Hp

256 G6 Firmware by Hp

256 G7 Firmware by Hp

258 G6 Firmware by Hp

258 G7 Firmware by Hp

260 G2 Desktop Mini Firmware by Hp

260 G3 Desktop Mini Pc Firmware by Hp

260 G4 Desktop Mini Pc Firmware by Hp

280 G3 Microtower Pc Firmware by Hp

280 G3 Pci Microtower Pc Firmware by Hp

280 G3 Small Form Factor \(rom Family Ssid 843f\) Firmware by Hp

280 G4 Microtower \(rom Family Ssid 843c\) Firmware by Hp

280 G4 Small Form Factor \(rom Family Ssid 86e9\) Firmware by Hp

280 G4 Small Form Factor \(rom Family Ssid 8768\) Firmware by Hp

280 G5 Microtower \(rom Family Ssid 877e\) Firmware by Hp

280 G5 Small Form Factor \(rom Family Ssid 86e9\) Firmware by Hp

280 Pro G3 Microtower Pc Firmware by Hp

280 Pro G3 Small Form Factor \(rom Family Ssid 843f\) Firmware by Hp

280 Pro G4 Microtower \(rom Family Ssid 843c\) Firmware by Hp

280 Pro G6 Microtower \(rom Family Ssid 8948\) Firmware by Hp

282 Pro G3 Microtower Pc Firmware by Hp

282 Pro G4 Microtower \(rom Family Ssid 843c\) Firmware by Hp

282 Pro G5 Microtower \(rom Family Ssid 86e9\) Firmware by Hp

282 Pro G6 Microtower \(rom Family Ssid 8948\) Firmware by Hp

288 Pro G3 Microtower Firmware by Hp

288 Pro G4 Microtower \(rom Family Ssid 843c\) Firmware by Hp

288 Pro G5 Microtower \(rom Family Ssid 86e9\) Firmware by Hp

288 Pro G6 Microtower \(rom Family Ssid 877e\) Firmware by Hp

288 Pro G6 Microtower \(rom Family Ssid 8948\) Firmware by Hp

290 G1 Microtower Pc Firmware by Hp

290 G1 Small Form Factor \(rom Family Ssid 843f\) Firmware by Hp

290 G2 Microtower \(rom Family Ssid 843c\) Firmware by Hp

290 G2 Small Form Factor \(rom Family Ssid 86e9\) Firmware by Hp

290 G2 Small Form Factor \(rom Family Ssid 8768\) Firmware by Hp

290 G3 \(rom Family Ssid 86e9\) Firmware by Hp

290 G4 Microtower \(rom Family Ssid 877e\) Firmware by Hp

290 G4 Microtower \(rom Family Ssid 8948\) Firmware by Hp

340 G3 Firmware by Hp

340 G4 Firmware by Hp

340 G5 Firmware by Hp

340 G7 Firmware by Hp

340s G7 Firmware by Hp

346 G3 Firmware by Hp

346 G4 Firmware by Hp

348 G3 Firmware by Hp

348 G4 Firmware by Hp

348 G5 Firmware by Hp

348 G7 Firmware by Hp

406 Microtower Pc Firmware by Hp

470 G7 Firmware by Hp

Desktop Pro 300 G3 Firmware by Hp

Desktop Pro G1 Microtower \(rom Family Ssid 843c\) Firmware by Hp

Desktop Pro G2 Firmware by Hp