Login Sign Up

CVE-2023-6138

7.9 HIGH
Denial of Service

📋 TL;DR

A BIOS vulnerability in certain HP Workstation PCs could allow attackers with physical or local access to execute arbitrary code, escalate privileges, or cause denial of service. This affects specific HP workstation models with vulnerable BIOS versions. Attackers need local or physical access to exploit this vulnerability.

💻 Affected Systems

Products:
  • HP Z2 Mini G9 Workstation
  • HP Z2 Small Form Factor G9 Workstation
  • HP Z2 Tower G9 Workstation
Versions: BIOS versions prior to 02.07.10 Rev.A
Operating Systems: All operating systems running on affected hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific HP workstation models with vulnerable BIOS versions. Requires local or physical access to exploit.

📦 What is this software?

Z440 Workstation Firmware by Hp

View all CVEs affecting Z440 Workstation Firmware →

Z640 Workstation Firmware by Hp

View all CVEs affecting Z640 Workstation Firmware →

Z840 Workstation Firmware by Hp

View all CVEs affecting Z840 Workstation Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with persistent BIOS-level malware that survives OS reinstallation, allowing attackers to maintain control even after security measures are applied.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls and gain administrative access to the system.

🟢

If Mitigated

Limited impact with proper physical security controls and BIOS password protection in place.

🌐 Internet-Facing: LOW - Requires local/physical access, not remotely exploitable over network.
🏢 Internal Only: MEDIUM - Insider threats or compromised internal accounts could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access to the system. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BIOS version 02.07.10 Rev.A or later

Vendor Advisory: https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915

Restart Required: Yes

Instructions:

1. Download BIOS update from HP Support site. 2. Run the BIOS update executable. 3. Follow on-screen instructions. 4. System will restart automatically to complete update.

🔧 Temporary Workarounds

Enable BIOS Password

all

Set a BIOS administrator password to prevent unauthorized BIOS modifications

Access BIOS setup during boot (typically F10), navigate to Security settings, set Administrator Password

Physical Security Controls

all

Implement physical security measures to prevent unauthorized physical access to workstations

🧯 If You Can't Patch

  • Implement strict physical security controls for affected workstations
  • Enable BIOS password protection and restrict BIOS access to authorized personnel only

🔍 How to Verify

Check if Vulnerable:

Check BIOS version in System Information (Windows: msinfo32, Linux: dmidecode -t bios) and compare with vulnerable versions

Check Version:

Windows: wmic bios get smbiosbiosversion | Linux: sudo dmidecode -s bios-version

Verify Fix Applied:

Verify BIOS version is 02.07.10 Rev.A or later using same methods

📡 Detection & Monitoring

Log Indicators:

  • Unexpected BIOS update attempts
  • Failed BIOS password attempts
  • System boot logs showing BIOS modifications

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

EventID=12 OR EventID=13 (System boot events) combined with suspicious user activity patterns

📊 Metadata

CVE ID: CVE-2023-6138
CVSS v3 Score: 7.9 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Published: February 14, 2024
Last Updated: December 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON