CVE-2019-18913 Vulnerability Details

  /     /     /  

CVE-2019-18913 Metadata Quick Info

CVE Published: 31/01/2020 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: hp | Vendor: HP Inc. | Product: HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection.
Status : PUBLISHED

---

CVE-2019-18913 Description

A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software tools to modify UEFI code in memory. This affects HP Intel-based Business PCs that support Microsoft Windows 10 Kernel DMA protection. Affected versions depend on platform (prior to 01.04.02; or prior to 02.04.01; or prior to 02.04.02).

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Possible Arbitrary Code Execution, Denial of Service, Information Disclosure.
Source: HP Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).