CVE-2023-5409

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_9441200-9441233-16	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:hp:t430_thin_client:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:t430_thin_client_firmware:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:hp:t638_thin_client:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:t638_thin_client_firmware:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-10-13 17:15

Updated : 2023-10-20 15:42

NVD link : CVE-2023-5409

Mitre link : CVE-2023-5409

CVE.ORG link : CVE-2023-5409

JSON object : View

Products Affected

hp

t638_thin_client_firmware
t430_thin_client
t430_thin_client_firmware
t638_thin_client

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-5409", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2023-10-13T17:15:09.713", "references": [{"url": "https://support.hp.com/us-en/document/ish_9441200-9441233-16", "tags": ["Patch", "Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability."}, {"lang": "es", "value": "HP es consciente de una posible vulnerabilidad de seguridad en las PC Thin Client HP t430 y t638. Estos modelos pueden ser susceptibles a un ataque f\u00edsico, lo que permite que una fuente no confiable altere el firmware del sistema utilizando una clave privada divulgada p\u00fablicamente. HP proporciona orientaci\u00f3n recomendada para que los clientes reduzcan la exposici\u00f3n a la vulnerabilidad potencial."}], "lastModified": "2023-10-20T15:42:22.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:t430_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33625E33-810C-441F-BFEC-A62CF2DC57BF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:t430_thin_client_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D57D386-8265-4EF7-B88A-A57F68233E1E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:t638_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "088B2E46-7977-4F8B-B440-471E188A84C3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:t638_thin_client_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86E50369-0AA4-41E1-A0BA-18C5C3F7FE91"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}