CVE-2023-26300
https://notcve.org/view.php?id=CVE-2023-26300
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability. Se ha identificado una posible vulnerabilidad de seguridad en el BIOS de System para Certain HP PC products que podría permitir una escalada de privilegios. HP está lanzando actualizaciones de firmware para mitigar la vulnerabilidad potencial. • https://support.hp.com/us-en/document/ish_9461800-9461828-16 •
CVE-2023-26299
https://notcve.org/view.php?id=CVE-2023-26299
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability. • https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2017-2751
https://notcve.org/view.php?id=CVE-2017-2751
A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. This applies to consumer notebooks launched in early 2014. Se ha notificado una vulnerabilidad de extracción de contraseñas de la BIOS en determinados notebooks de consumo con firmware F.22 y otros. La contraseña de la BIOS se almacenó en CMOS de forma que permitía su extracción. • https://github.com/BaderSZ/CVE-2017-2751 https://support.hp.com/us-en/document/c05913581 • CWE-522: Insufficiently Protected Credentials •