CVE-2023-6138

A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.

CVSS v3 7.9 HIGH

7.9^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915	Vendor Advisory
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:z440_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z440_workstation:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:z640_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z640_workstation:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:z840_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z840_workstation:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-02-14 23:15

Updated : 2025-12-22 18:28

NVD link : CVE-2023-6138

Mitre link : CVE-2023-6138

CVE.ORG link : CVE-2023-6138

JSON object : View

Products Affected

hp

z640_workstation_firmware
z440_workstation_firmware
z640_workstation
z440_workstation
z840_workstation_firmware
z840_workstation

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-6138", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 1.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 1.5}]}, "published": "2024-02-14T23:15:08.093", "references": [{"url": "https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en el BIOS del sistema para ciertas estaciones de trabajo HP, que podr\u00eda permitir una escalada de privilegios, la ejecuci\u00f3n de c\u00f3digo arbitrario o la denegaci\u00f3n de servicio. HP est\u00e1 lanzando medidas de mitigaci\u00f3n para la posible vulnerabilidad."}], "lastModified": "2025-12-22T18:28:02.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z440_workstation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AF1843D-5AFD-4517-83DE-E0777E8CC6C5", "versionEndExcluding": "2.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z440_workstation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C19FBDF8-4762-4341-886E-1145CF5D9DEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z640_workstation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BC9748B-151F-46C1-B13C-74D7DA938B0F", "versionEndExcluding": "2.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z640_workstation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C495E312-0337-42EC-9A0D-83CF3689A840"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z840_workstation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B64DA921-B013-4C84-9C32-AE19EE33291D", "versionEndExcluding": "2.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z840_workstation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2B5C04D-4BFF-4BF3-AB55-B443990EF136"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}