CVE-2019-6321

HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is disabled by default.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hp:z4_g4_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:z4_g4_workstation:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hp:z4_g4_core-x_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:z4_g4_core-x_workstation:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hp:z4_g4_workstation_firmware:*:*:*:*:*:linux:*:*
cpe:2.3:h:hp:z4_g4_workstation:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:hp:z4_g4_core-x_workstation_firmware:*:*:*:*:*:linux:*:*
cpe:2.3:h:hp:z4_g4_core-x_workstation:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:hp:z6_g4_workstation_firmware:*:*:*:*:*:linux:*:*
cpe:2.3:h:hp:z6_g4_workstation:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:hp:z8_g4_workstation_firmware:*:*:*:*:*:linux:*:*
cpe:2.3:h:hp:z8_g4_workstation:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:46

Type Values Removed Values Added
References () https://support.hp.com/us-en/document/c06318199 - Patch, Vendor Advisory () https://support.hp.com/us-en/document/c06318199 - Patch, Vendor Advisory

Information

Published : 2019-05-29 20:29

Updated : 2024-11-21 04:46


NVD link : CVE-2019-6321

Mitre link : CVE-2019-6321

CVE.ORG link : CVE-2019-6321


JSON object : View

Products Affected

hp

  • z4_g4_workstation_firmware
  • z4_g4_core-x_workstation
  • z8_g4_workstation
  • z4_g4_workstation
  • z6_g4_workstation_firmware
  • z8_g4_workstation_firmware
  • z6_g4_workstation
  • z4_g4_core-x_workstation_firmware
CWE
CWE-667

Improper Locking