Vulnerability CVE-2016-2243


Published: 2016-03-04

Description:
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

Vendor: HP
Product: 800 series firmware 
Version: 2.1; 2.09;
Product: 700 series firmware 
Version:
2.09
2.07
2.05
1.08
1.05
Product: Z240 firmware 
Version: 1.11;
Product: Z238 firmware 
Version: 1.11;
Product: 1000 series firmware 
Version:
1.1
1.04
1.01
Product: Zbook firmware 
Version: 1.04; 1.03;
Product: Elitebook folio 1012 x2 g2 

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
7.8/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Complete

 References:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469

Related CVE
CVE-2018-7116
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7115
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7114
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
CVE-2018-7076
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.
CVE-2018-5921
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow el...
CVE-2017-2751
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in earl...
CVE-2018-9069
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
CVE-2018-7109
HPE has addressed a remote arbitrary file modification vulnerability in HPE enhanced Internet Usage Manager (eIUM) v9.0FP1 with the cumulative patch for v9.0FP1 - eIUM90FP01XXX.YYYYMMDD-HHMM.

Copyright 2019, cxsecurity.com

 

Back to Top