Vulnerability CVE-2016-2243


Published: 2016-03-04   Modified: 2016-03-14

Description:
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

Vendor: HP
Product: 800 series firmware 
Version: 2.1; 2.09;
Product: 700 series firmware 
Version:
2.09
2.07
2.05
1.08
1.05
Product: Z238 firmware 
Version: 1.11;
Product: Z240 firmware 
Version: 1.11;
Product: 1000 series firmware 
Version:
1.1
1.04
1.01
Product: Zbook firmware 
Version: 1.04; 1.03;
Product: Elitebook folio 1012 x2 g2 

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
7.8/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Complete

 References:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469

Related CVE
CVE-2017-14354
A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.
CVE-2017-14353
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.
CVE-2017-14352
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.
CVE-2017-14350
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.
CVE-2017-14351
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
CVE-2017-14349
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
CVE-2017-13990
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
CVE-2017-13991
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

Copyright 2017, cxsecurity.com

 

Back to Top