Vulnerability Details CVE-2019-18913
A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.0%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
Products affected by CVE-2019-18913
-
cpe:2.3:h:hp:elite_dragonfly:-
-
cpe:2.3:h:hp:elite_x2_g4:-
-
cpe:2.3:h:hp:elitebook_830_g6:-
-
cpe:2.3:h:hp:elitebook_836_g6:-
-
cpe:2.3:h:hp:elitebook_840_g6:-
-
cpe:2.3:h:hp:elitebook_840_g6_healthcare_edition:-
-
cpe:2.3:h:hp:elitebook_846_g6:-
-
cpe:2.3:h:hp:elitebook_846_g6_healthcare_edition:-
-
cpe:2.3:h:hp:elitebook_850_g6:-
-
cpe:2.3:h:hp:elitebook_x360_1030_g4:-
-
cpe:2.3:h:hp:elitebook_x360_1040_g6:-
-
cpe:2.3:h:hp:elitebook_x360_830_g6:-
-
cpe:2.3:h:hp:elitedesk_800_g5_dm:-
-
cpe:2.3:h:hp:elitedesk_800_g5_sff:-
-
cpe:2.3:h:hp:elitedesk_800_g5_twr:-
-
cpe:2.3:h:hp:eliteone_800_g5_aio:-
-
cpe:2.3:h:hp:probook_640_g5:-
-
cpe:2.3:h:hp:probook_650_g5:-
-
cpe:2.3:h:hp:prodesk_400_g5_dm:-
-
cpe:2.3:h:hp:prodesk_400_g6_mt:-
-
cpe:2.3:h:hp:prodesk_400_g6_sff:-
-
cpe:2.3:h:hp:prodesk_480_g6_mt:-
-
cpe:2.3:h:hp:prodesk_600_g5_dm:-
-
cpe:2.3:h:hp:prodesk_600_g5_mt:-
-
cpe:2.3:h:hp:prodesk_600_g5_pci_mt:-
-
cpe:2.3:h:hp:prodesk_600_g5_sff:-
-
cpe:2.3:h:hp:proone_400_g5_aio:-
-
cpe:2.3:h:hp:proone_440_g5_aio:-
-
cpe:2.3:h:hp:proone_600_g5_aio:-
-
cpe:2.3:h:hp:zbook_14u_g6_mobile_workstation:-
-
cpe:2.3:h:hp:zbook_15u_g6_mobile_workstation:-
-
cpe:2.3:h:hp:zbook_17u_g6_mobile_workstation:-
-
cpe:2.3:h:hp:zhan_x_13_g2:-
-
cpe:2.3:o:hp:elite_dragonfly_firmware:-
-
cpe:2.3:o:hp:elite_x2_g4_firmware:-
-
cpe:2.3:o:hp:elitebook_830_g6_firmware:-
-
cpe:2.3:o:hp:elitebook_836_g6_firmware:-
-
cpe:2.3:o:hp:elitebook_840_g6_firmware:-
-
cpe:2.3:o:hp:elitebook_840_g6_healthcare_edition_firmware:-
-
cpe:2.3:o:hp:elitebook_846_g6_firmware:-
-
cpe:2.3:o:hp:elitebook_846_g6_healthcare_edition_firmware:-
-
cpe:2.3:o:hp:elitebook_850_g6_firmware:-
-
cpe:2.3:o:hp:elitebook_x360_1030_g4_firmware:-
-
cpe:2.3:o:hp:elitebook_x360_1040_g6_firmware:-
-
cpe:2.3:o:hp:elitebook_x360_830_g6_firmware:-
-
cpe:2.3:o:hp:elitedesk_800_g5_dm_firmware:-
-
cpe:2.3:o:hp:elitedesk_800_g5_sff_firmware:-
-
cpe:2.3:o:hp:elitedesk_800_g5_twr_firmware:-
-
cpe:2.3:o:hp:eliteone_800_g5_aio_firmware:-
-
cpe:2.3:o:hp:probook_640_g5_firmware:-
-
cpe:2.3:o:hp:probook_650_g5_firmware:-
-
cpe:2.3:o:hp:prodesk_400_g5_dm_firmware:-
-
cpe:2.3:o:hp:prodesk_400_g6_mt_firmware:-
-
cpe:2.3:o:hp:prodesk_400_g6_sff_firmware:-
-
cpe:2.3:o:hp:prodesk_480_g6_mt_firmware:-
-
cpe:2.3:o:hp:prodesk_600_g5_dm_firmware:-
-
cpe:2.3:o:hp:prodesk_600_g5_mt_firmware:-
-
cpe:2.3:o:hp:prodesk_600_g5_pci_mt_firmware:-
-
cpe:2.3:o:hp:prodesk_600_g5_sff_firmware:-
-
cpe:2.3:o:hp:proone_400_g5_aio_firmware:-
-
cpe:2.3:o:hp:proone_440_g5_aio_firmware:-
-
cpe:2.3:o:hp:proone_600_g5_aio_firmware:-
-
cpe:2.3:o:hp:zbook_14u_g6_mobile_workstation_firmware:-
-
cpe:2.3:o:hp:zbook_15u_g6_mobile_workstation_firmware:-
-
cpe:2.3:o:hp:zbook_17u_g6_mobile_workstation_firmware:-
-
cpe:2.3:o:hp:zhan_x_13_g2_firmware:-