{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2021-3661", "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "state": "PUBLISHED", "assignerShortName": "hp", "requesterUserId": "e0158710-d811-4b94-9318-6cef34bebe03", "dateReserved": "2021-07-23T00:21:54.040Z", "datePublished": "2022-11-21T21:19:42.950Z", "dateUpdated": "2022-12-12T12:11:04.548862Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability."}], "affected": [{"versions": [{"version": "See HP Security Bulletin reference for affected versions.", "status": "affected"}], "product": "HP Workstation BIOS", "vendor": "HP Inc."}], "references": [{"url": "https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770"}], "providerMetadata": {"orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp", "dateUpdated": "2022-12-12T12:11:04.548862Z"}, "x_generator": {"engine": "cveClient/1.0.13"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z1_all-in-one_g3_firmware:01.31:*:*:*:*:*:*:*", "matchCriteriaId": "52CB7D08-E352-49F5-8715-5055DDBDBD5B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z1_all-in-one_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "31DD86B2-0702-45EB-9CFE-E1F363E21CB3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_mini_g3_firmware:01.83:*:*:*:*:*:*:*", "matchCriteriaId": "1C60E47B-10F8-4238-9CED-979915F10C53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_mini_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E8E325E-4FB5-4BBD-8301-3655EE4C8E82", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_mini_g4_firmware:01.08.01:*:*:*:*:*:*:*", "matchCriteriaId": "68BFE14B-F4C7-460E-B075-40E413C437D2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_mini_g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AAB843A-8C23-4155-AA9A-A9638844B649", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_mini_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "matchCriteriaId": "30EF73CD-3EFC-41E6-99D2-EA225F9A2996", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_mini_g5:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A6F7EA4-D933-4043-8443-DB2D042161B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_small_form_factor_g4_firmware:01.08.01:*:*:*:*:*:*:*", "matchCriteriaId": "B369AF9A-02BC-4105-91AD-AAABAB25371E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_small_form_factor_g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "28D8DCE4-417D-447E-B30C-44B2AAE950F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_small_form_factor_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "matchCriteriaId": "51440732-CE12-41FF-95AD-3D98511741B2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_small_form_factor_g5:-:*:*:*:*:*:*:*", "matchCriteriaId": "078C37DD-2BF5-40D0-8607-38D290DF3C92", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_small_form_factor_g8_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "matchCriteriaId": "78099425-DF2D-4D4E-B4CA-AC547DBDFC9F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_small_form_factor_g8:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D3E8CE5-62F0-47ED-A8AC-47E7AC1920FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_tower_g4_firmware:01.08.01:*:*:*:*:*:*:*", "matchCriteriaId": "5D924016-9A41-4C27-BA5F-7B50C065097B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_tower_g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8CAC1DA-DC4B-470C-A351-278833DEF95A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_tower_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "matchCriteriaId": "B13189CB-2B18-4878-A623-3A58D933F2B5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_tower_g5:-:*:*:*:*:*:*:*", "matchCriteriaId": "62BD85D3-FE64-4879-8D6F-BD833DF70C72", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_tower_g8_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "matchCriteriaId": "A89C5A54-D2FC-4686-ACA7-AC3719617F7D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_tower_g8:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEB82416-14CC-40F5-B1C0-1157A3EE7CFF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z238_microtower_firmware:01.83:*:*:*:*:*:*:*", "matchCriteriaId": "9F88D2DE-32FD-4490-BC0A-760966C22901", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z238_microtower:-:*:*:*:*:*:*:*", "matchCriteriaId": "4463B53C-10C9-4FCC-B209-7D3D0C04DF72", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z240_small_form_factor_firmware:01.83:*:*:*:*:*:*:*", "matchCriteriaId": "81E7AEB0-6D4D-4DE9-A9F6-EC8BF3DC62D2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z240_small_form_factor:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EA50241-E9BA-4B45-8450-76E83E64EB4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z240_tower_firmware:01.83:*:*:*:*:*:*:*", "matchCriteriaId": "E96E9CDC-1F2E-4F17-8A16-0F9B6E6926D6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z240_tower:-:*:*:*:*:*:*:*", "matchCriteriaId": "22F00DA1-F06E-4684-AFDD-540F4A95D25E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z4_g4_firmware:02.75:*:*:*:*:*:*:*", "matchCriteriaId": "216E6993-EC43-4A51-971F-F92AC8DDECFF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z4_g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "30BA646E-8BC4-4EFF-85A2-5F67781151A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z440_firmware:2.58:*:*:*:*:*:*:*", "matchCriteriaId": "5CAEEACE-2F7A-429C-96A0-94784BA7DCB0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z440:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2561F9F-C603-46AA-A6FD-7BF864DA46C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z6_g4_firmware:02.75:*:*:*:*:*:*:*", "matchCriteriaId": "CF1E074E-6EFC-4265-BD06-D9DDDC75C3DF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z6_g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "031EB2C6-6DC9-40FF-9720-B667BCAB6643", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z640_firmware:2.58:*:*:*:*:*:*:*", "matchCriteriaId": "ACA5EDF8-AC00-4C0E-B0F3-43A61680553B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z640:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0ABEB94-77A8-413D-A133-955BC1C59D84", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z8_g4_firmware:02.75:*:*:*:*:*:*:*", "matchCriteriaId": "531759D8-8F35-46C7-8580-6AB503125264", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z8_g4:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A13690A-BCCD-4C6A-93A5-B4B889823AA7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:z840_firmware:2.58:*:*:*:*:*:*:*", "matchCriteriaId": "1908464A-E5AC-4636-A524-BF7BD147D572", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:z840:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E24183E-7790-425B-85C7-DBA62DE9DD2F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:zcentral_4r_firmware:01.18:*:*:*:*:*:*:*", "matchCriteriaId": "E8466E68-60E7-4332-BDF8-221EEEA81A5C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:zcentral_4r:-:*:*:*:*:*:*:*", "matchCriteriaId": "619F29C4-D227-4DFC-9DC2-828CA4F94A37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en HP Workstation BIOS (firmware UEFI) que puede permitir la ejecuci\u00f3n de c\u00f3digo arbitrario. HP est\u00e1 lanzando mitigaciones de firmware para la posible vulnerabilidad."}], "id": "CVE-2021-3661", "lastModified": "2022-12-19T18:03:43.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-12T13:15:11.693", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}