CVE-2023-26299

Home/CVE/A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI

CVE

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

HIGH · CVSS 7 EPSS 0.00186

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition

▤

Affected Products & Versions

hp 260 g4 desktop mini firmware< 2.14
hp t430 firmware< 00.01.11
hp t628 firmware< 00.01.10
hp 240 g10 firmware< f.04
hp 245 g6 firmware< f.35
hp 245 g7 firmware< f.69
hp 245 g8 firmware< f.25
hp 247 g8 firmware< f.69
Show all 59 affected productshp 250 g10 firmware< f.05
hp 255 g10 firmware< f.08
hp 349 g7 firmware< f.28
hp 470 g10 firmware< f.02
hp 470 g9 firmware< f.05
hp zhan 99 g2 firmware< f.24
hp zhan 99 g4 firmware< f.08
hp vr backpack g2 firmware< f.28
hp 200 g3 firmwareall versions
hp 200 g4 22 all-in-one firmwareall versions
hp 200 pro g4 22 all-in-one firmwareall versions
hp 205 g4 22 all-in-one firmwareall versions
hp 205 pro g4 22 all-in-one firmwareall versions
hp 280 g3 firmwareall versions
hp 280 g4 firmwareall versions
hp 280 g4 microtower firmwareall versions
hp 280 g5 firmwareall versions
hp 280 g5 small form factor firmwareall versions
hp 280 g6 firmwareall versions
hp 280 g8 microtower firmwareall versions
hp 280 pro g3 firmwareall versions
hp 280 pro g4 microtower firmwareall versions
hp 280 pro g5 small form factor firmwareall versions
hp 282 g5 firmwareall versions
hp 282 g6 firmwareall versions
hp 282 pro g4 microtower firmwareall versions
hp 288 g5 firmwareall versions
hp 288 g6 firmwareall versions
hp 288 pro g4 microtower firmwareall versions
hp 290 g1 firmwareall versions
hp 290 g2 firmwareall versions
hp 290 g2 microtower firmwareall versions
hp 290 g3 firmwareall versions
hp 290 g3 small form factor firmwareall versions
hp 290 g4 firmwareall versions
hp desktop pro g1 microtower firmwareall versions
hp pro small form factor 280 g9 desktop firmwareall versions
hp pro small form factor 290 g9 desktop firmwareall versions
hp pro small form factor zhan 66 g9 desktop firmwareall versions
hp pro tower 200 g9 desktop firmwareall versions
hp pro tower 280 g9 desktop firmwareall versions
hp pro tower 290 g9 desktop firmwareall versions
hp pro tower zhan 99 g9 desktop firmwareall versions
hp proone 240 g10 firmwareall versions
hp proone 240 g9 firmwareall versions
hp proone 440 g3 firmwareall versions
hp proone 490 g3 firmwareall versions
hp proone 496 g3 firmwareall versions
hp z vr backpack g1 workstation firmwareall versions
hp zhan 86 pro g2 microtower firmwareall versions
hp zhan 99 pro g1 microtower firmwareall versions

▣

Scoring & Timeline

HIGH · CVSS v3.1 · hp-security-alert@hp.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD30 Jun 2023 · 04:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.hp.com/us-en/document/ish_8642715-8642746-16/hpsbhf03850PatchVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin