CVE-2021-3809
📋 TL;DR
This CVE describes vulnerabilities in HP PC BIOS/UEFI firmware that could allow attackers to execute arbitrary code with high privileges. Affected systems include certain HP PC products running vulnerable firmware versions. Successful exploitation could compromise system integrity at the firmware level.
💻 Affected Systems
- Certain HP PC products (specific models listed in HP advisory)
📦 What is this software?
Elitedesk 705 G3 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 705 G3 Desktop Mini Pc Firmware →
Elitedesk 705 G3 Microtower Pc Firmware by Hp
View all CVEs affecting Elitedesk 705 G3 Microtower Pc Firmware →
Elitedesk 705 G3 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Elitedesk 705 G3 Small Form Factor Pc Firmware →
Elitedesk 705 G4 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 705 G4 Desktop Mini Pc Firmware →
Elitedesk 705 G4 Microtower Pc Firmware by Hp
View all CVEs affecting Elitedesk 705 G4 Microtower Pc Firmware →
Elitedesk 705 G4 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Elitedesk 705 G4 Small Form Factor Pc Firmware →
Elitedesk 705 G4 Workstation Firmware by Hp
View all CVEs affecting Elitedesk 705 G4 Workstation Firmware →
Elitedesk 705 G5 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 705 G5 Desktop Mini Pc Firmware →
Elitedesk 705 G5 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Elitedesk 705 G5 Small Form Factor Pc Firmware →
Elitedesk 800 35w G3 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 35w G3 Desktop Mini Pc Firmware →
Elitedesk 800 35w G4 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 35w G4 Desktop Mini Pc Firmware →
Elitedesk 800 65w G3 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 65w G3 Desktop Mini Pc Firmware →
Elitedesk 800 65w G4 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 65w G4 Desktop Mini Pc Firmware →
Elitedesk 800 95w G4 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 95w G4 Desktop Mini Pc Firmware →
Elitedesk 800 G3 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 G3 Small Form Factor Pc Firmware →
Elitedesk 800 G3 Tower Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 G3 Tower Pc Firmware →
Elitedesk 800 G4 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 G4 Small Form Factor Pc Firmware →
Elitedesk 800 G4 Tower Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 G4 Tower Pc Firmware →
Elitedesk 800 G4 Workstation Firmware by Hp
View all CVEs affecting Elitedesk 800 G4 Workstation Firmware →
Elitedesk 800 G5 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 G5 Desktop Mini Pc Firmware →
Elitedesk 800 G5 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 G5 Small Form Factor Pc Firmware →
Elitedesk 800 G5 Tower Pc Firmware by Hp
View all CVEs affecting Elitedesk 800 G5 Tower Pc Firmware →
Elitedesk 880 G3 Tower Pc Firmware by Hp
View all CVEs affecting Elitedesk 880 G3 Tower Pc Firmware →
Elitedesk 880 G4 Tower Pc Firmware by Hp
View all CVEs affecting Elitedesk 880 G4 Tower Pc Firmware →
Elitedesk 880 G5 Tower Pc Firmware by Hp
View all CVEs affecting Elitedesk 880 G5 Tower Pc Firmware →
Eliteone 1000 G1 23.8 In All In One Business Pc Firmware by Hp
View all CVEs affecting Eliteone 1000 G1 23.8 In All In One Business Pc Firmware →
Eliteone 1000 G2 23.8 In All In One Business Pc Firmware by Hp
View all CVEs affecting Eliteone 1000 G2 23.8 In All In One Business Pc Firmware →
Eliteone 800 G3 23.8 Non Touch All In One Business Pc Firmware by Hp
View all CVEs affecting Eliteone 800 G3 23.8 Non Touch All In One Business Pc Firmware →
Eliteone 800 G4 23.8 In All In One Business Pc Firmware by Hp
View all CVEs affecting Eliteone 800 G4 23.8 In All In One Business Pc Firmware →
Eliteone 800 G5 23.8 In All In One Firmware by Hp
View all CVEs affecting Eliteone 800 G5 23.8 In All In One Firmware →
Engage Flex Pro C Retail System Firmware by Hp
View all CVEs affecting Engage Flex Pro C Retail System Firmware →
Engage Flex Pro Retail System Firmware by Hp
View all CVEs affecting Engage Flex Pro Retail System Firmware →
Engage Go 10 Mobile System Firmware by Hp
View all CVEs affecting Engage Go 10 Mobile System Firmware →
Hp Mt21 Mobile Thin Client Firmware by Hp
View all CVEs affecting Hp Mt21 Mobile Thin Client Firmware →
Hp Mt31 Mobile Thin Client Firmware by Hp
View all CVEs affecting Hp Mt31 Mobile Thin Client Firmware →
Hp Mt44 Mobile Thin Client Firmware by Hp
View all CVEs affecting Hp Mt44 Mobile Thin Client Firmware →
Hp Mt45 Mobile Thin Client Firmware by Hp
View all CVEs affecting Hp Mt45 Mobile Thin Client Firmware →
Hp Z2 Small Form Factor G4 Firmware by Hp
View all CVEs affecting Hp Z2 Small Form Factor G4 Firmware →
Hp Z2 Small Form Factor G4 Firmware by Hp
View all CVEs affecting Hp Z2 Small Form Factor G4 Firmware →
Hp Z2 Small Form Factor G5 Firmware by Hp
View all CVEs affecting Hp Z2 Small Form Factor G5 Firmware →
Hp Z2 Small Form Factor G5 Firmware by Hp
View all CVEs affecting Hp Z2 Small Form Factor G5 Firmware →
Hp Z240 Small Form Factor Firmware by Hp
View all CVEs affecting Hp Z240 Small Form Factor Firmware →
Hp Z240 Small Form Factor Firmware by Hp
View all CVEs affecting Hp Z240 Small Form Factor Firmware →
Prodesk 400 G3 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G3 Desktop Mini Pc Firmware →
Prodesk 400 G4 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G4 Desktop Mini Pc Firmware →
Prodesk 400 G4 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G4 Microtower Pc Firmware →
Prodesk 400 G4 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G4 Small Form Factor Pc Firmware →
Prodesk 400 G5 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G5 Desktop Mini Pc Firmware →
Prodesk 400 G5 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G5 Microtower Pc Firmware →
Prodesk 400 G5 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G5 Small Form Factor Pc Firmware →
Prodesk 400 G6 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G6 Microtower Pc Firmware →
Prodesk 400 G6 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Prodesk 400 G6 Small Form Factor Pc Firmware →
Prodesk 405 G4 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Prodesk 405 G4 Desktop Mini Pc Firmware →
Prodesk 405 G4 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Prodesk 405 G4 Small Form Factor Pc Firmware →
Prodesk 480 G4 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 480 G4 Microtower Pc Firmware →
Prodesk 480 G5 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 480 G5 Microtower Pc Firmware →
Prodesk 480 G6 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 480 G6 Microtower Pc Firmware →
Prodesk 600 G3 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G3 Desktop Mini Pc Firmware →
Prodesk 600 G3 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G3 Microtower Pc Firmware →
Prodesk 600 G3 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G3 Small Form Factor Pc Firmware →
Prodesk 600 G4 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G4 Desktop Mini Pc Firmware →
Prodesk 600 G4 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G4 Microtower Pc Firmware →
Prodesk 600 G4 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G4 Small Form Factor Pc Firmware →
Prodesk 600 G5 Desktop Mini Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G5 Desktop Mini Pc Firmware →
Prodesk 600 G5 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G5 Microtower Pc Firmware →
Prodesk 600 G5 Small Form Factor Pc Firmware by Hp
View all CVEs affecting Prodesk 600 G5 Small Form Factor Pc Firmware →
Prodesk 680 G3 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 680 G3 Microtower Pc Firmware →
Prodesk 680 G4 Microtower Pc Firmware by Hp
View all CVEs affecting Prodesk 680 G4 Microtower Pc Firmware →
Proone 400 G3 20 Inch Non Touch All In One Pc Firmware by Hp
View all CVEs affecting Proone 400 G3 20 Inch Non Touch All In One Pc Firmware →
Proone 400 G3 20 Inch Touch All In One Pc Firmware by Hp
View all CVEs affecting Proone 400 G3 20 Inch Touch All In One Pc Firmware →
Proone 400 G4 20 Inch Non Touch All In One Business Pc Firmware by Hp
View all CVEs affecting Proone 400 G4 20 Inch Non Touch All In One Business Pc Firmware →
Proone 400 G4 23.8 Inch Non Touch All In One Business Pc Firmware by Hp
View all CVEs affecting Proone 400 G4 23.8 Inch Non Touch All In One Business Pc Firmware →
Proone 400 G5 20 Inch All In One Business Pc Firmware by Hp
View all CVEs affecting Proone 400 G5 20 Inch All In One Business Pc Firmware →
Proone 400 G5 23.8 Inch All In One Business Pc Firmware by Hp
View all CVEs affecting Proone 400 G5 23.8 Inch All In One Business Pc Firmware →
Proone 440 G4 23.8 Inch Non Touch All In One Business Pc Firmware by Hp
View all CVEs affecting Proone 440 G4 23.8 Inch Non Touch All In One Business Pc Firmware →
Proone 440 G5 23.8 In All In One Business Pc Firmware by Hp
View all CVEs affecting Proone 440 G5 23.8 In All In One Business Pc Firmware →
Proone 480 G3 20 Inch Non Touch All In One Pc Firmware by Hp
View all CVEs affecting Proone 480 G3 20 Inch Non Touch All In One Pc Firmware →
Proone 600 G3 21.5 Inch Non Touch All In One Pc Firmware by Hp
View all CVEs affecting Proone 600 G3 21.5 Inch Non Touch All In One Pc Firmware →
Proone 600 G4 21.5 Inch Touch All In One Business Pc Firmware by Hp
View all CVEs affecting Proone 600 G4 21.5 Inch Touch All In One Business Pc Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with persistent firmware-level malware that survives OS reinstallation and disk replacement
Likely Case
Local privilege escalation allowing attackers to bypass security controls and maintain persistence
If Mitigated
Limited impact with proper firmware updates and secure boot enabled
🎯 Exploit Status
Exploitation typically requires physical access or administrative privileges
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: HP BIOS/UEFI firmware updates with security fixes
Vendor Advisory: https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
Restart Required: Yes
Instructions:
1. Identify affected HP PC models using HP advisory. 2. Download latest BIOS/UEFI firmware from HP Support. 3. Run firmware update utility. 4. Restart system to complete installation.
🔧 Temporary Workarounds
Enable Secure Boot
allSecure Boot helps prevent unauthorized firmware/software from loading during boot process
Physical Security Controls
allRestrict physical access to prevent local exploitation
🧯 If You Can't Patch
- Isolate affected systems from high-risk networks
- Implement strict access controls and monitoring for physical access
🔍 How to Verify
Check if Vulnerable:
Check BIOS/UEFI firmware version against HP's advisory for affected versionsCheck Version:
Windows: wmic bios get smbiosbiosversion | Linux: sudo dmidecode -s bios-versionVerify Fix Applied:
Verify BIOS/UEFI firmware version matches or exceeds patched version from HP advisory📡 Detection & Monitoring
Log Indicators:
- Unexpected BIOS/UEFI firmware modification events
- Failed firmware update attempts
Network Indicators:
- Unusual firmware update traffic from unauthorized sources
SIEM Query:
EventID=12 OR EventID=13 (System events for firmware changes) OR suspicious firmware update patterns