CVE & CISA-KEV Catalog

CVE-2019-16284

HIGHEPSS 78th pctl
7.2
CVSS v3
NVD

Description

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250.

How to fix

Remediation Available
260 g1 dm firmwareNVD
Affected:< 2.27Fixed in:2.27CVE-2019-16284derived from NVD
280 pro g1 firmwareNVD
Affected:< 80.3Fixed in:80.3CVE-2019-16284derived from NVD
285 g2 firmwareNVD
Affected:< a0.23Fixed in:a0.23CVE-2019-16284derived from NVD
340 g3 firmwareNVD
Affected:< f.48Fixed in:f.48CVE-2019-16284derived from NVD
340 g4 firmwareNVD
Affected:< f.55Fixed in:f.55CVE-2019-16284derived from NVD
346 g3 firmwareNVD
Affected:< f.48Fixed in:f.48CVE-2019-16284derived from NVD
346 g4 firmwareNVD
Affected:< f.46Fixed in:f.46CVE-2019-16284derived from NVD
348 g3 firmwareNVD
Affected:< f.48Fixed in:f.48CVE-2019-16284derived from NVD
348 g4 firmwareNVD
Affected:< f.55Fixed in:f.55CVE-2019-16284derived from NVD
elite slice firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
elite x2 1011 g1 firmwareNVD
Affected:< 1.27Fixed in:1.27CVE-2019-16284derived from NVD
elite x2 1012 g1 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook 1030 g1 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook 1040 g2 firmwareNVD
Affected:< 1.17Fixed in:1.17CVE-2019-16284derived from NVD
elitebook 720 g1 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
elitebook 720 g2 firmwareNVD
Affected:< 1.29Fixed in:1.29CVE-2019-16284derived from NVD
elitebook 740 g1 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
elitebook 740 g2 firmwareNVD
Affected:< 1.29Fixed in:1.29CVE-2019-16284derived from NVD
elitebook 750 g1 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
elitebook 750 g2 firmwareNVD
Affected:< 1.29Fixed in:1.29CVE-2019-16284derived from NVD
elitebook 820 g1 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
elitebook 820 g2 firmwareNVD
Affected:< 1.29Fixed in:1.29CVE-2019-16284derived from NVD
elitebook 820 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook 828 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook 840 g1 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
elitebook 840 g2 firmwareNVD
Affected:< 1.29Fixed in:1.29CVE-2019-16284derived from NVD
elitebook 840 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook 848 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook 850 g1 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
elitebook 850 g2 firmwareNVD
Affected:< 1.29Fixed in:1.29CVE-2019-16284derived from NVD
elitebook 850 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook folio 1020 g1 firmwareNVD
Affected:< 1.24Fixed in:1.24CVE-2019-16284derived from NVD
elitebook folio 1040 g1 firmwareNVD
Affected:< 1.44Fixed in:1.44CVE-2019-16284derived from NVD
elitebook folio 1040 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook folio 9480m firmwareNVD
Affected:< 1.49Fixed in:1.49CVE-2019-16284derived from NVD
elitebook folio g1 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
elitebook revolve 810 g2 firmwareNVD
Affected:< 1.45Fixed in:1.45CVE-2019-16284derived from NVD
elitebook revolve 810 g3 firmwareNVD
Affected:< 1.2Fixed in:1.2CVE-2019-16284derived from NVD
elitedesk 800 g2 dm firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
elitedesk 800 g2 sff firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
elitedesk 800 g2 twr firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
eliteone 800 g2 aio firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
elitepad 1000 g2 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
mp9 g2 retail system firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
pro tablet 10 ee g1 firmwareNVD
Affected:< 1.31Fixed in:1.31CVE-2019-16284derived from NVD
pro tablet 608 g1 firmwareNVD
Affected:< 1.21Fixed in:1.21CVE-2019-16284derived from NVD
pro tablet 610 g1 firmwareNVD
Affected:< f.16Fixed in:f.16CVE-2019-16284derived from NVD
pro x2 612 g1 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
probook 11 g1 firmwareNVD
Affected:< 1.17Fixed in:1.17CVE-2019-16284derived from NVD
probook 11 g2 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
probook 430 g1 firmwareNVD
Affected:< 1.49Fixed in:1.49CVE-2019-16284derived from NVD
probook 430 g2 firmwareNVD
Affected:< 1.52Fixed in:1.52CVE-2019-16284derived from NVD
probook 430 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
probook 440 g1 firmwareNVD
Affected:< 1.49Fixed in:1.49CVE-2019-16284derived from NVD
probook 440 g2 firmwareNVD
Affected:< 1.52Fixed in:1.52CVE-2019-16284derived from NVD
probook 440 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
probook 450 g1 firmwareNVD
Affected:< 1.49Fixed in:1.49CVE-2019-16284derived from NVD
probook 450 g2 firmwareNVD
Affected:< 1.52Fixed in:1.52CVE-2019-16284derived from NVD
probook 450 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
probook 470 g1 firmwareNVD
Affected:< 1.49Fixed in:1.49CVE-2019-16284derived from NVD
probook 470 g2 firmwareNVD
Affected:< 1.52Fixed in:1.52CVE-2019-16284derived from NVD
probook 470 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
probook 640 g1 firmwareNVD
Affected:< 1.49Fixed in:1.49CVE-2019-16284derived from NVD
probook 640 g2 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
probook 650 g1 firmwareNVD
Affected:< 1.49Fixed in:1.49CVE-2019-16284derived from NVD
probook 650 g2 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
probook x360 11 g1 firmwareNVD
Affected:< 1.3Fixed in:1.3CVE-2019-16284derived from NVD
prodesk 400 g1 dm firmwareNVD
Affected:< 2.27Fixed in:2.27CVE-2019-16284derived from NVD
prodesk 400 g2.5 sff firmwareNVD
Affected:< 2.26Fixed in:2.26CVE-2019-16284derived from NVD
prodesk 400 g2 dm firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
prodesk 400 g3 sff firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
prodesk 405 g2 mt firmwareNVD
Affected:< 2.29Fixed in:2.29CVE-2019-16284derived from NVD
prodesk 480 g3 sff firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
prodesk 485 g2 mt firmwareNVD
Affected:< 2.29Fixed in:2.29CVE-2019-16284derived from NVD
prodesk 490 g2 mt firmwareNVD
Affected:< 2.31Fixed in:2.31CVE-2019-16284derived from NVD
prodesk 490 g3 sff firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
prodesk 498 g2 mt firmwareNVD
Affected:< 2.31Fixed in:2.31CVE-2019-16284derived from NVD
prodesk 498 g3 sff firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
prodesk 600 g2 dm firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
prodesk 600 g2 sff firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
proone 400 g2 aio firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
proone 600 g2 aio firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
rp2 retail system firmwareNVD
Affected:< 2.21Fixed in:2.21CVE-2019-16284derived from NVD
rp9 g1 retail system 9015 firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
rp9 g1 retail system 9018 firmwareNVD
Affected:< 2.42Fixed in:2.42CVE-2019-16284derived from NVD
sprout pro firmwareNVD
Affected:< a0.14Fixed in:a0.14CVE-2019-16284derived from NVD
z1 g3 firmwareNVD
Affected:< 1.26Fixed in:1.26CVE-2019-16284derived from NVD
z238 microtower firmwareNVD
Affected:< 1.77Fixed in:1.77CVE-2019-16284derived from NVD
z240 sff firmwareNVD
Affected:< 1.77Fixed in:1.77CVE-2019-16284derived from NVD
z240 tower firmwareNVD
Affected:< 1.77Fixed in:1.77CVE-2019-16284derived from NVD
z2 mini g3 firmwareNVD
Affected:< 1.77Fixed in:1.77CVE-2019-16284derived from NVD
zbook 14 firmwareNVD
Affected:< 1.48Fixed in:1.48CVE-2019-16284derived from NVD
zbook 14 g2 firmwareNVD
Affected:< 1.29Fixed in:1.29CVE-2019-16284derived from NVD
zbook 15 firmwareNVD
Affected:< 1.46Fixed in:1.46CVE-2019-16284derived from NVD
zbook 15 g2 firmwareNVD
Affected:< 1.25Fixed in:1.25CVE-2019-16284derived from NVD
zbook 15 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
zbook 15u g2 firmwareNVD
Affected:< 1.29Fixed in:1.29CVE-2019-16284derived from NVD
zbook 15u g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
zbook 17 firmwareNVD
Affected:< 1.46Fixed in:1.46CVE-2019-16284derived from NVD
zbook 17 g2 firmwareNVD
Affected:< 1.25Fixed in:1.25CVE-2019-16284derived from NVD
zbook 17 g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD
zbook studio g3 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2019-16284derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

1.96%probability of exploitation in 30 days
78thpercentile

Elevated risk: more likely to be exploited than 78% of all known CVEs.

References

Vendor Advisory1
Embed a live status badge for CVE-2019-16284
CVE-2019-16284 severity badge

Markdown

[![CVE-2019-16284](https://tridentstack.com/cve/badge/CVE-2019-16284.svg)](https://tridentstack.com/cve/CVE-2019-16284)

HTML

<a href="https://tridentstack.com/cve/CVE-2019-16284"><img src="https://tridentstack.com/cve/badge/CVE-2019-16284.svg" alt="CVE-2019-16284"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.