CVE-2023-26299

7.0 HIGH

📋 TL;DR

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in AMI UEFI Firmware on certain HP PC products could allow attackers to execute arbitrary code during system boot. This affects HP PC products with vulnerable AMI UEFI Firmware versions. Exploitation requires physical or administrative access to the system.

💻 Affected Systems

Products:
  • HP PC products with AMI UEFI Firmware
Versions: Specific versions not publicly detailed in advisory
Operating Systems: All operating systems on affected hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Check HP advisory HPSBHF03850 for specific affected product models and firmware versions

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with persistent firmware-level malware that survives OS reinstallation and disk replacement

🟠 Likely Case: Local privilege escalation allowing attackers to bypass OS security controls and install persistent backdoors

🟢 If Mitigated: Limited impact due to physical access requirements and BIOS/UEFI password protection

🌐 Internet-Facing: LOW - Requires physical or administrative access to system, not remotely exploitable
🏢 Internal Only: MEDIUM - Insider threats or compromised admin accounts could exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires physical access or administrative privileges to modify UEFI settings

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: AMI UEFI Firmware updates provided by HP

Vendor Advisory: https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850

Restart Required: Yes

Instructions:

1. Identify the affected HP PC model.
2. Visit the HP Support site.
3. Download the latest BIOS/UEFI firmware update.
4. Run the update utility.
5. Restart the system as prompted.

🔧 Temporary Workarounds

Enable BIOS/UEFI Password (applies to: all)

Set an administrative password for BIOS/UEFI settings to prevent unauthorized modifications

Enable Secure Boot (applies to: all)

Enable Secure Boot in UEFI settings to verify bootloader integrity

🧯 If You Can't Patch

  • Restrict physical access to vulnerable systems
  • Implement strict administrative access controls and monitoring

🔍 How to Verify

Check if Vulnerable:

Check HP advisory HPSBHF03850 for affected models and compare with your system's BIOS/UEFI version

Check Version:

Windows: wmic bios get smbiosbiosversion
Linux: sudo dmidecode -s bios-version

Verify Fix Applied:

Verify BIOS/UEFI firmware version matches or exceeds patched version listed in HP advisory
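The check above is easy to get wrong by hand because HP version strings mix letters, dots and zero-padded numbers. The following POSIX shell script is an added example, not code from the HP advisory or this page: it reads the SMBIOS BIOS version on Linux and compares it component-wise against the patched version for the model. The patched version is a placeholder (`PATCHED_VERSION`) because HPSBHF03850 lists it per model and this page does not reproduce it; the function names and the sample strings in the shapes "F.45" and "S02 Ver. 02.12.00" are constructed for illustration. It reads `/sys/class/dmi/id/bios_version`, which Linux exposes without root, and falls back to the page's `dmidecode` command.

```shell
#!/bin/sh
# Added example, not part of the HP advisory: compare the installed BIOS/UEFI
# version with the patched version for this model (placeholder below).

# Placeholder: set to the fixed firmware version HPSBHF03850 lists for your model.
PATCHED_VERSION="${PATCHED_VERSION:-}"

# Reduce an HP version string to its last dotted numeric token, so constructed
# samples such as "F.45" become "45" and "S02 Ver. 02.12.00" becomes "02.12.00".
numeric_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)*' | tail -n 1
}

# Return 0 when version $1 is at or above version $2 (component-wise numeric
# comparison, so "02.12" equals "02.12.00"); return 2 when either is unparsable.
version_ge() {
  a=$(numeric_version "$1")
  b=$(numeric_version "$2")
  [ -n "$a" ] && [ -n "$b" ] || return 2
  awk -v a="$a" -v b="$b" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0   # "+ 0" forces decimal, so "08" is 8
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# Read the SMBIOS BIOS version on Linux: sysfs exposes it without root,
# otherwise fall back to the dmidecode command shown on the page.
current_bios_version() {
  if [ -r /sys/class/dmi/id/bios_version ]; then
    cat /sys/class/dmi/id/bios_version
  else
    sudo dmidecode -s bios-version
  fi
}

# Print a verdict and return 0 (patched), 1 (below patched version) or 2 (unknown).
check_firmware() {
  installed=$1
  patched=$2
  rc=0
  version_ge "$installed" "$patched" || rc=$?
  case $rc in
    0) echo "OK: BIOS '$installed' is at or above patched version '$patched'" ;;
    1) echo "VULNERABLE: BIOS '$installed' is below patched version '$patched'; apply the HP update" ;;
    *) echo "UNKNOWN: could not parse '$installed' or '$patched'; compare manually against HPSBHF03850" ;;
  esac
  return $rc
}

# Usage: PATCHED_VERSION=<version from HPSBHF03850> sh check_bios.sh
if [ -n "$PATCHED_VERSION" ]; then
  check_firmware "$(current_bios_version)" "$PATCHED_VERSION"
fi
```

The exit code (0, 1 or 2) makes the script usable from a fleet inventory job, and the `UNKNOWN` branch matters: an unparsable version should be investigated, not silently treated as patched. On Windows the page's `wmic` command, or `Get-CimInstance Win32_BIOS` in PowerShell, yields the same SMBIOS string, which can be fed to `check_firmware` as the first argument.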

📡 Detection & Monitoring

Log Indicators:

  • Unexpected BIOS/UEFI firmware modification events
  • Failed firmware update attempts

Network Indicators:

  • No network indicators - local exploitation only

SIEM Query:

Pseudo-query, to be adapted to your SIEM's schema: EventID=12 OR EventID=13 (System events for firmware changes), together with any unauthorized BIOS access attempts
