CVE-2023-6138

CVSS v3 7.9 HIGH

7.9^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

A

potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.

References

Link	Resource
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915	Vendor Advisory
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:z440_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z440_workstation:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:z640_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z640_workstation:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:z840_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z840_workstation:-:*:*:*:*:*:*:*

History

22 Dec 2025, 18:28

Type	Values Removed	Values Added
First Time		Hp z440 Workstation Firmware Hp z840 Workstation Hp z840 Workstation Firmware Hp z640 Workstation Hp z440 Workstation Hp z640 Workstation Firmware Hp
References	~~() https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915 -~~	() https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915 - Vendor Advisory
CPE		cpe:2.3:o:hp:z440_workstation_firmware:::::::: cpe:2.3:h:hp:z840_workstation:-:::::::* cpe:2.3:o:hp:z640_workstation_firmware:::::::: cpe:2.3:h:hp:z440_workstation:-:::::::* cpe:2.3:h:hp:z640_workstation:-:::::::* cpe:2.3:o:hp:z840_workstation_firmware::::::::
CWE		NVD-CWE-noinfo

21 Nov 2024, 22:15

Type	Values Removed	Values Added
References	~~() https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915 -~~	() https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915 -
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.9

Information

Published : 2024-02-14 23:15

Updated : 2025-12-22 18:28

NVD link : CVE-2023-6138

Mitre link : CVE-2023-6138

CVE.ORG link : CVE-2023-6138

JSON object : View

Products Affected

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-6138", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 1.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 1.5}]}, "published": "2024-02-14T23:15:08.093", "references": [{"url": "https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en el BIOS del sistema para ciertas estaciones de trabajo HP, que podr\u00eda permitir una escalada de privilegios, la ejecuci\u00f3n de c\u00f3digo arbitrario o la denegaci\u00f3n de servicio. HP est\u00e1 lanzando medidas de mitigaci\u00f3n para la posible vulnerabilidad."}], "lastModified": "2025-12-22T18:28:02.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z440_workstation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AF1843D-5AFD-4517-83DE-E0777E8CC6C5", "versionEndExcluding": "2.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z440_workstation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C19FBDF8-4762-4341-886E-1145CF5D9DEE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z640_workstation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BC9748B-151F-46C1-B13C-74D7DA938B0F", "versionEndExcluding": "2.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z640_workstation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C495E312-0337-42EC-9A0D-83CF3689A840"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z840_workstation_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B64DA921-B013-4C84-9C32-AE19EE33291D", "versionEndExcluding": "2.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z840_workstation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2B5C04D-4BFF-4BF3-AB55-B443990EF136"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}