CVE-2023-26300
📋 TL;DR
This CVE describes a BIOS vulnerability in certain HP PC products that could allow attackers to escalate privileges on affected systems. The vulnerability affects specific HP PC models and requires physical or administrative access to exploit. HP has released firmware updates to address this security issue.
💻 Affected Systems
- Certain HP PC products (specific models not detailed in provided references)
📦 What is this software?
- 200 G4 22 All In One Pc (rom Family Ssid 86f0) Firmware by Hp
- 200 G4 22 All In One Pc (rom Family Ssid 86f2) Firmware by Hp
- 200 G4 22 All In One Pc (rom Family Ssid 86f3) Firmware by Hp
- 200 Pro G4 22 All In One Pc (rom Family Ssid 86f0) Firmware by Hp
- 200 Pro G4 22 All In One Pc (rom Family Ssid 86f2) Firmware by Hp
- 200 Pro G4 22 All In One Pc (rom Family Ssid 86f3) Firmware by Hp
- 205 G4 22 All In One Pc (rom Family Ssid 86f0) Firmware by Hp
- 205 G4 22 All In One Pc (rom Family Ssid 86f2) Firmware by Hp
- 205 G4 22 All In One Pc (rom Family Ssid 86f3) Firmware by Hp
- 205 G8 24 All In One Pc (rom Family Ssid 8923) Firmware by Hp
- 205 G8 24 All In One Pc (rom Family Ssid 8924) Firmware by Hp
- 205 Pro G4 22 All In One Pc (rom Family Ssid 86f0) Firmware by Hp
- 205 Pro G4 22 All In One Pc (rom Family Ssid 86f2) Firmware by Hp
- 205 Pro G4 22 All In One Pc (rom Family Ssid 86f3) Firmware by Hp
- 205 Pro G8 24 All In One Pc (rom Family Ssid 8923) Firmware by Hp
- 205 Pro G8 24 All In One Pc (rom Family Ssid 8924) Firmware by Hp
- 255 G8 (rom Family Ssid 87d1) Firmware by Hp
- 255 G8 (rom Family Ssid 8905) Firmware by Hp
- 255 G8 (rom Family Ssid 890e) Firmware by Hp
- 285 G6 Microtower (rom Family Ssid 871e) Firmware by Hp
- 285 G8 Microtower (rom Family Ssid 870e) Firmware by Hp
- 285 Pro G6 Microtower (rom Family Ssid 871e) Firmware by Hp
- 285 Pro G8 Microtower (rom Family Ssid 870e) Firmware by Hp
- 295 G8 Microtower (rom Family Ssid 870e) Firmware by Hp
- Desktop Pro A G3 Microtower Firmware by Hp
- Pro Sff 280 G9 Desktop (rom Family Ssid 89b4) Firmware by Hp
- Pro Sff 280 G9 Desktop (rom Family Ssid 8bc3) Firmware by Hp
- Pro Sff 290 G9 Desktop (rom Family Ssid 89b4) Firmware by Hp
- Pro Sff 290 G9 Desktop (rom Family Ssid 8bc3) Firmware by Hp
- Pro Sff Zhan 66 G9 Desktop (rom Family Ssid 89b4) Firmware by Hp
- Pro Sff Zhan 66 G9 Desktop (rom Family Ssid 8bc3) Firmware by Hp
- Pro Tower 200 G9 Desktop (rom Family Ssid 89b3) Firmware by Hp
- Pro Tower 200 G9 Desktop (rom Family Ssid 89b4) Firmware by Hp
- Pro Tower 200 G9 Desktop (rom Family Ssid 8bc3) Firmware by Hp
- Pro Tower 280 G9 Desktop (rom Family Ssid 89b3) Firmware by Hp
- Pro Tower 280 G9 Desktop (rom Family Ssid 89b4) Firmware by Hp
- Pro Tower 290 G9 Desktop (rom Family Ssid 89b3) Firmware by Hp
- Pro Tower 290 G9 Desktop (rom Family Ssid 89b4) Firmware by Hp
- Pro Tower 290 G9 Desktop (rom Family Ssid 8bc3) Firmware by Hp
- Pro Tower Zhan 99 G9 Desktop (rom Family Ssid 89b3) Firmware by Hp
- Pro Tower Zhan 99 G9 Desktop (rom Family Ssid 89b4) Firmware by Hp
- Pro Tower Zhan 99 G9 Desktop (rom Family Ssid 8b3c) Firmware by Hp
- Proone 240 G10 (rom Family Ssid 8b4c) Firmware by Hp
- Proone 240 G10 (rom Family Ssid 8b4d) Firmware by Hp
- Proone 240 G9 (rom Family Ssid 89eb) Firmware by Hp
- Vr Backpack G2 (rom Family Ssid 8590) Firmware by Hp
- Zbook 15 G5 Mobile Workstation Firmware by Hp
- Zhan 66 Pro A G1 R Microtower Firmware by Hp
- Zhan 66 Pro A G10 (rom Family Ssid 8b4e) Firmware by Hp
- Zhan 66 Pro A G4 All In One Pc (rom Family Ssid 8923) Firmware by Hp
- Zhan 66 Pro A G4 All In One Pc (rom Family Ssid 8924) Firmware by Hp
- Zhan 99 G3 Mobile Workstation Firmware by Hp
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical or administrative access could gain SYSTEM/root-level privileges, bypass security controls, install persistent malware, or access sensitive data.
Likely Case
Malicious insiders or attackers with physical access could gain elevated privileges on affected HP systems to install unauthorized software or access restricted data.
If Mitigated
With proper physical security controls and BIOS password protection, the attack surface is significantly reduced, though the vulnerability remains present.
🎯 Exploit Status
Exploitation requires physical access or administrative privileges to the system. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest firmware updates from HP
Vendor Advisory: https://support.hp.com/us-en/document/ish_9461800-9461828-16
Restart Required: Yes
Instructions:
1. Visit HP Support website.
2. Enter your HP PC model number.
3. Download latest BIOS/firmware update.
4. Run the update utility.
5. Restart system when prompted.
🔧 Temporary Workarounds
Enable BIOS Password
All platforms: Set a BIOS administrator password to prevent unauthorized BIOS modifications
Access BIOS setup during boot (typically F10) and set administrator password
Physical Security Controls
All platforms: Implement physical security measures to prevent unauthorized access to systems
🧯 If You Can't Patch
- Implement strict physical security controls to prevent unauthorized access to affected systems
- Enable BIOS passwords and secure boot options to reduce attack surface
🔍 How to Verify
Check if Vulnerable:
Check HP Support website with your PC model number to see if affected, or check current BIOS version against HP's advisory
Check Version:
Windows: wmic bios get smbiosbiosversion
Linux: sudo dmidecode -s bios-version
Verify Fix Applied:
Verify BIOS version after update matches or exceeds the patched version listed in HP's advisory
📡 Detection & Monitoring
Log Indicators:
- Unexpected BIOS modifications
- Failed BIOS update attempts
- System boot anomalies
Network Indicators:
- No network indicators - this is a local privilege escalation vulnerability
SIEM Query:
Search for BIOS modification events or unexpected privilege escalation on HP systems