CVE-2021-3661

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

References

Link	Resource
https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770	Vendor Advisory
https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:z1_all-in-one_g3_firmware:01.31:*:*:*:*:*:*:*

cpe:2.3:h:hp:z1_all-in-one_g3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:z2_mini_g3_firmware:01.83:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_mini_g3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:z2_mini_g4_firmware:01.08.01:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_mini_g4:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:z2_mini_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_mini_g5:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:z2_small_form_factor_g4_firmware:01.08.01:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_small_form_factor_g4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:z2_small_form_factor_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_small_form_factor_g5:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:z2_small_form_factor_g8_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_small_form_factor_g8:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:z2_tower_g4_firmware:01.08.01:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_tower_g4:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:hp:z2_tower_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_tower_g5:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:hp:z2_tower_g8_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_tower_g8:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:hp:z238_microtower_firmware:01.83:*:*:*:*:*:*:*

cpe:2.3:h:hp:z238_microtower:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:hp:z240_small_form_factor_firmware:01.83:*:*:*:*:*:*:*

cpe:2.3:h:hp:z240_small_form_factor:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:hp:z240_tower_firmware:01.83:*:*:*:*:*:*:*

cpe:2.3:h:hp:z240_tower:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:hp:z4_g4_firmware:02.75:*:*:*:*:*:*:*

cpe:2.3:h:hp:z4_g4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:hp:z440_firmware:2.58:*:*:*:*:*:*:*

cpe:2.3:h:hp:z440:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:hp:z6_g4_firmware:02.75:*:*:*:*:*:*:*

cpe:2.3:h:hp:z6_g4:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:hp:z640_firmware:2.58:*:*:*:*:*:*:*

cpe:2.3:h:hp:z640:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:hp:z8_g4_firmware:02.75:*:*:*:*:*:*:*

cpe:2.3:h:hp:z8_g4:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:hp:z840_firmware:2.58:*:*:*:*:*:*:*

cpe:2.3:h:hp:z840:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:hp:zcentral_4r_firmware:01.18:*:*:*:*:*:*:*

cpe:2.3:h:hp:zcentral_4r:-:*:*:*:*:*:*:*

History

29 Apr 2025, 05:15

Type	Values Removed	Values Added
CWE		CWE-94

21 Nov 2024, 06:22

Type	Values Removed	Values Added
References	~~() https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770 - Vendor Advisory~~	() https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770 - Vendor Advisory

Information

Published : 2022-12-12 13:15

Updated : 2025-04-29 05:15

NVD link : CVE-2021-3661

Mitre link : CVE-2021-3661

CVE.ORG link : CVE-2021-3661

JSON object : View

Products Affected

CWE

NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')

8.4 /10