Vulnerability CVE-2016-2243


Published: 2016-03-04

Description:
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

Vendor: HP
Product: 800 series firmware 
Version: 2.1; 2.09;
Product: 700 series firmware 
Version:
2.09
2.07
2.05
1.08
1.05
Product: Z240 firmware 
Version: 1.11;
Product: Z238 firmware 
Version: 1.11;
Product: 1000 series firmware 
Version:
1.1
1.04
1.01
Product: Zbook firmware 
Version: 1.04; 1.03;
Product: Elitebook folio 1012 x2 g2 

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
7.8/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Complete

 References:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469

Related CVE
CVE-2018-7100
A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could...
CVE-2018-7099
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information.
CVE-2018-7098
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.
CVE-2018-7097
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.
CVE-2018-7096
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.
CVE-2018-7095
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass.
CVE-2018-7093
A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a d...
CVE-2018-5925
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.

Copyright 2018, cxsecurity.com

 

Back to Top