Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

A security vulnerability has been found in Cisco gear used in data centers, large enterprises, industrial factories, power plants, manufacturing centers, and smart city power grids that could allow cyberattackers unfettered access to these devices and broader networks.

In a report published on Feb. 1, researchers from Trellix revealed the bug, one of two vulnerabilities discovered that affect the following Cisco networking devices:

*   Cisco ISR 4431 routers
*   800 Series Industrial ISRs
*   CGR1000 Compute Modules
*   IC3000 Industrial Compute Gateways
*   IOS XE-based devices configured with IOx
*   IR510 WPAN Industrial Routers
*   Cisco Catalyst Access points

One bug — CSCwc67015 — was spotted in yet-to-be-released code. It could have allowed hackers to remotely execute their own code, and potentially overwrite most of the files on the device.

The second, arguably nastier, bug — CVE-2023-20076 — found in production equipment, is a command-injection flaw that could open the door to unauthorized root-level access and remote code execution (RCE). This would have entailed not just total control over a device's operating system but also persistence through any upgrades or reboots, despite Cisco's guardrails against such a scenario.

Given that Cisco networking equipment is used worldwide in data centers, enterprises, and government organizations, and it's the most common footprint at industrial sites, the impact of the flaws could be notable, according to Trellix.

“In the world of routers, switches, and networking, Cisco is the current king of the market," Sam Quinn, senior security researcher with the Trellix Advanced Research Center, tells Dark Reading. "We would say that thousands of businesses could potentially be impacted.”

**Inside the Latest Cisco Security Bugs**

The two vulnerabilities are a byproduct of a shift in the nature of routing technologies, according to Trellix. Network administrators today have the ability to deploy application containers or even entire virtual machines on these miniature-server-routers. With this greater complexity comes both greater functionality, and a wider attack surface.

"Modern routers now function like high-powered servers," the authors of the report explained, "with many Ethernet ports running not only routing software but, in some cases, even multiple containers."

Both CSCwc67015 and CVE-2023-20076 arise from the router's advanced application hosting environment.

CSCwc67015 reflects how, in the hosting environment, "a maliciously packed application could bypass a vital security check while uncompressing the uploaded application." The check attempted to secure the system against a 15-year-old path traversal vulnerability in a Python module that Trellix itself had identified last September, CVE-2007-4559. With a "moderate" CVSS v3 score of 5.5, it allowed malicious actors to overwrite arbitrary files.

Meanwhile, the bug tracked as CVE-2023-20076 similarly takes advantage of the ability to deploy application containers and virtual machines to Cisco routers. In this case, it has to do with how admins pass commands to run their applications.

"The 'DHCP Client ID' option within the Interface Settings was not correctly being sanitized," the researchers discovered, which allowed them root-level access to the device, connoting "the ability to inject any OS command of our choosing."

A hacker who abused this power "could have a significant impact on the device's functionality and the overall security of the network," Quinn explains, including "modifying or disabling security features, exfiltrating data, disrupting network traffic, spreading malware, and running rogue processes."

The bad news doesn’t end there, though. The authors of the report highlighted how "Cisco heavily prioritizes security in a way that attempts to prevent an attack from remaining a problem through reboots and system resets." However, in a proof-of-concept video, they demonstrated how exploitation of the command-injection bug could lead to completely unfettered access, allowing a malicious container to persist through device reboots or firmware upgrades. This leaves only two possible solutions for removal: a full-on factory reset or manually identifying and removing the malicious code.

**Cisco Industrial Gear: Potential Supply Chain Risk**

If there's a silver lining to these bugs, it's that exploiting either would require admin-level access over a relevant Cisco device. A hurdle, granted, but hackers obtain administrative privileges all the time from their victims, through regular social engineering and escalation. The researchers also noted how, often, users don't bother to change the default username and password, leaving no protection whatsoever for this most sensitive account.

One must also consider the supply chain risk. The authors highlighted how many organizations purchase networking devices from third-party sellers, or use third-party service providers for their device configuration and network design. A malicious vendor could utilize a vulnerability like CVE-2023-20076 to do some very easy, subtle, and powerful tampering.

The sheer degree of access this hole provides "could allow for backdoors to be installed and hidden, making the tampering entirely transparent for the end user," the authors explained. Of course, the overwhelming majority of third-party service providers are perfectly honest businesses. But those businesses may themselves be compromised, making it a moot point.

In concluding their report, the Trellix researchers urged organizations to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don't run containers disable the IOx container framework entirely. Most important of all, they emphasized, was that "organizations with affected devices should update to the latest firmware immediately."

To protect themselves, users should apply the patch as soon as possible.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-23132: GitHub - l00neyhacker/CVE-2023-23132: CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

**CVE-2023-23131**

CVE-2023-23131

Selfwealth iOS mobile App Version 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.

ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11.

App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end.

CVE-2023-23131: GitHub - l00neyhacker/CVE-2023-23131: CVE-2023-23131

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

**Vaikutus**

Critical

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2023-23692

Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system.

8.8

CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More information**

iDRAC9

CVE-2022-24422

See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Intel BIOS

CVE-2021-0060

See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities

CVE-2021-28210

CVE-2021-28211

OpenSSL

CVE-2022-0778

https://nvd.nist.gov/vuln/detail/CVE-2022-0778

OpenSSH

CVE-2021-41617

https://nvd.nist.gov/vuln/detail/CVE-2021-41617  
https://nvd.nist.gov/vuln/detail/CVE-2020-14145  
https://nvd.nist.gov/vuln/detail/CVE-2016-20012

CVE-2020-14145

CVE-2016-20012

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2023-23692

Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system.

8.8

CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More information**

iDRAC9

CVE-2022-24422

See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Intel BIOS

CVE-2021-0060

See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities

CVE-2021-28210

CVE-2021-28211

OpenSSL

CVE-2022-0778

https://nvd.nist.gov/vuln/detail/CVE-2022-0778

OpenSSH

CVE-2021-41617

https://nvd.nist.gov/vuln/detail/CVE-2021-41617  
https://nvd.nist.gov/vuln/detail/CVE-2020-14145  
https://nvd.nist.gov/vuln/detail/CVE-2016-20012

CVE-2020-14145

CVE-2016-20012

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

CVEs Addressed

Product

Affected Versions

Updated Versions

Link to Update

CVE-2022-24422

PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.2 and later to stay on LTS 7.7

For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles):

*   81247: Data Domain: DD OS Software Versions
*   14125: Data Domain Operating System Software Portal Availability Policy

CVE-2021-0060

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

CVE-2021-28210

CVE-2021-28211

CVE-2022-0778

PowerProtect DD  
DDOS and DDMC

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.3 and later to stay on LTS

CVE-2021-41617

CVE-2020-14145

LTS 7.7.1 to 7.7.2

7.7.3 and later

CVE-2016-20012

6.2.1.80 and earlier

6.2.1.90 and later

CVE-2023-23692

CVEs Addressed

Product

Affected Versions

Updated Versions

Link to Update

CVE-2022-24422

PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.2 and later to stay on LTS 7.7

For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles):

*   81247: Data Domain: DD OS Software Versions
*   14125: Data Domain Operating System Software Portal Availability Policy

CVE-2021-0060

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

CVE-2021-28210

CVE-2021-28211

CVE-2022-0778

PowerProtect DD  
DDOS and DDMC

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.3 and later to stay on LTS

CVE-2021-41617

CVE-2020-14145

LTS 7.7.1 to 7.7.2

7.7.3 and later

CVE-2016-20012

6.2.1.80 and earlier

6.2.1.90 and later

CVE-2023-23692

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-07-07

Initial Release

1.1

2022-07-12

Edited versions in Affected Products and Remediation Table Affected Version Column

1.2

2022-08-31

Added "7.7.3 and above" to Affected Products and Remediation Table

1.3

2022-01-12

Added CVE-2023-23692 to Proprietary Code Table. 

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Data Domain, Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention, Data Domain GDA , Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, Product Security Information, Storage Direct for Data Domain ...

27 tammik. 2023

CVE-2023-23692: DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

CVE-2021-3439: BIOS June 2021 Security Updates

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

CVE-2022-27537: HP PC BIOS August 2022 Additional Updates for Potential SMM and TOCTOU Vulnerabilities

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

HP Elite Mini 600 G9 Desktop PC

BIOS

02.06.00

Rev 1

SP143258

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143258.exe

HP Elite Mini 800 G9 Desktop PC

BIOS

02.06.00

Rev 1

SP143258

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143258.exe

HP Elite SFF 600 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite SFF 800 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite Slice

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice for Meeting Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 - Audio Ready with Zoom Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 - Partner Ready with Microsoft Teams Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 with Microsoft Teams Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 with Intel Unite

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 with Zoom Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Tower 600 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite Tower 680 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite Tower 800 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite Tower 880 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP EliteDesk 705 G4 Desktop Mini PC

BIOS

02.20.00

Rev 1

SP143221

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143221.exe

HP EliteDesk 705 G4 Microtower PC

BIOS

02.20.00

Rev 1

SP143360

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143360.exe

HP EliteDesk 705 G4 Small Form Factor PC

BIOS

02.20.00

Rev 1

SP143193

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143193.exe

HP EliteDesk 705 G5 Desktop Mini PC

BIOS

02.15.00

Rev 1

SP143211

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143211.exe

HP EliteDesk 705 G5 Small Form Factor PC

BIOS

02.15.00

Rev 1

SP142686

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142686.exe

HP EliteDesk 800 35W G3 Desktop Mini PC

BIOS

02.44

Rev 1

sp142728

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142728.exe

HP EliteDesk 800 35W G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143306

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143306.exe

HP EliteDesk 800 65W G3 Desktop Mini PC

BIOS

02.44

Rev 1

sp142728

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142728.exe

HP EliteDesk 800 65W G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143306

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143306.exe

HP EliteDesk 800 95W G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143306

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143306.exe

HP EliteDesk 800 G3 Small Form Factor PC

BIOS

02.44

Rev 1

SP143373

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143373.exe

HP EliteDesk 800 G3 Tower PC

BIOS

02.44

Rev 1

SP143373

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143373.exe

HP EliteDesk 800 G4 Small Form Factor PC

BIOS

02.21.00

Rev 1

SP143335

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143335.exe

HP EliteDesk 800 G4 Tower PC

BIOS

02.21.00

Rev 1

SP143335

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143335.exe

HP EliteDesk 800 G5 Desktop Mini PC

BIOS

02.15.00

Rev 1

SP142789

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142789.exe

HP EliteDesk 800 G5 Small Form Factor PC

BIOS

02.15.00

Rev 1

SP143308

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143308.exe

HP EliteDesk 800 G5 Tower PC

BIOS

02.15.00

Rev 1

SP143308

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143308.exe

HP EliteDesk 800 G6 Desktop Mini PC

BIOS

02.13.00

Rev 1

SP143177

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143177.exe

HP EliteDesk 800 G6 Small Form Factor PC

BIOS

02.13.00

Rev 1

Sp143278

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143278.exe

HP EliteDesk 800 G6 Tower PC

BIOS

02.13.00

Rev 1

Sp143278

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143278.exe

HP EliteDesk 800 G8 Desktop Mini PC

BIOS

02.10.00

Rev 1

SP143361

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143361.exe

HP EliteDesk 800 G8 Small Form Factor PC

BIOS

02.10.00

Rev 1

SP143417

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143417.exe

HP EliteDesk 800 G8 Tower PC

BIOS

02.10.00

Rev 1

SP143417

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143417.exe

HP EliteDesk 805 G6 Desktop Mini PC

BIOS

02.10.00

Rev 1

SP143181

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143181.exe

HP EliteDesk 805 G6 Small Form Factor PC

BIOS

02.10.00

Rev 1

SP143179

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143179.exe

HP EliteDesk 805 G8 Desktop Mini PC

BIOS

02.06.00

Rev 1

SP143183

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143183.exe

HP EliteDesk 805 G8 Small Form Factor PC

BIOS

02.06.00

Rev 1

SP143312

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143312.exe

HP EliteDesk 880 G3 Tower PC

BIOS

02.44

Rev 1

SP143373

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143373.exe

HP EliteDesk 880 G4 Tower PC

BIOS

02.21.00

Rev 1

SP143335

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143335.exe

HP EliteDesk 880 G5 Tower PC

BIOS

02.15.00

Rev 1

SP143308

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143308.exe

HP EliteDesk 880 G6 Tower PC

BIOS

02.13.00

Rev 1

Sp143278

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143278.exe

HP EliteDesk 880 G8 Tower PC

BIOS

02.10.00

Rev 1

SP143417

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143417.exe

HP EliteOne 1000 G1 23.8-in All-in-One Business PC

BIOS

02.44

Rev 1

SP142689

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142689.exe

HP EliteOne 1000 G1 23.8-in Touch All-in-One Business PC

BIOS

02.44

Rev 1

SP142689

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142689.exe

HP EliteOne 1000 G1 27-in 4K UHD All-in-One Business PC

BIOS

02.44

Rev 1

SP142689

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142689.exe

HP EliteOne 1000 G1 34-in Curved All-in-One Business PC

BIOS

02.44

Rev 1

SP142689

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142689.exe

HP EliteOne 1000 G2 23.8-in All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143212

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143212.exe

HP EliteOne 1000 G2 23.8-in Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143212

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143212.exe

HP EliteOne 1000 G2 27-in 4K UHD All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143212

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143212.exe

HP EliteOne 1000 G2 34-in Curved All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143212

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143212.exe

HP EliteOne 800 G3 23.8 Non-Touch Healthcare Edition All-in-One Business PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G3 23.8-inch Non-Touch All-in-One PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G3 23.8-inch Non-Touch GPU All-in-One PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G3 23.8-inch Touch All-in-One PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G3 23.8-inch Touch GPU All-in-One PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G4 23.8-in Healthcare Edition All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G4 23.8-inch Non-Touch All-in-One PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G4 23.8-inch Non-Touch GPU All-in-One PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G4 23.8-inch Touch All-in-One PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G4 23.8-inch Touch GPU All-in-One PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G5 23.8-in Healthcare Edition All-in-One

BIOS

02.15.00

Rev 1

SP143218

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143218.exe

HP EliteOne 800 G5 23.8-inch All-in-One

BIOS

02.15.00

Rev 1

SP143218

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143218.exe

HP EliteOne 800 G6 24 All-in-One PC

BIOS

02.13.00

Rev 1

SP143213

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143213.exe

HP EliteOne 800 G6 27 All-in-One PC

BIOS

02.13.00

Rev 1

SP143213

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143213.exe

HP EliteOne 800 G8 24 All-in-One PC

BIOS

02.10.00

Rev 1

SP143346

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143346.exe

HP EliteOne 800 G8 27 All-in-One PC

BIOS

02.10.00

Rev 1

SP143346

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143346.exe

HP EliteOne 840 23.8 inch G9 All-in-One Desktop PC

BIOS

02.06.00

Rev 1

SP143270

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143270.exe

HP EliteOne 870 27 inch G9 All-in-One Desktop PC

BIOS

02.06.00

Rev 1

SP143270

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143270.exe

HP Pro Mini 400 G9 Desktop PC

BIOS

02.06.00

Rev 1

SP143259

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143259.exe

HP Pro SFF 400 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143124

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143124.exe

HP Pro Tower 400 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143124

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143124.exe

HP Pro Tower 480 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143124

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143124.exe

HP ProDesk 400 G3 Desktop Mini PC

BIOS

02.44

Rev 1

sp142730

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142730.exe

HP ProDesk 400 G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143318

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143318.exe

HP ProDesk 400 G4 Small Form Factor PC

BIOS

02.44

Rev 1

SP142713

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142713.exe

HP ProDesk 400 G5 Desktop Mini PC

BIOS

02.15.00

Rev 1

SP142788

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142788.exe

HP ProDesk 400 G5 Microtower PC

BIOS

02.21.00

Rev 1

SP143354

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143354.exe

HP ProDesk 400 G5 Small Form Factor PC

BIOS

02.21.00

Rev 1

SP142731

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142731.exe

HP ProDesk 400 G6 Desktop Mini PC

BIOS

02.13.00

Rev 1

SP143232

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143232.exe

HP ProDesk 400 G6 Microtower PC

BIOS

02.15.00

Rev 1

SP143328

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143328.exe

HP ProDesk 400 G6 Small Form Factor PC

BIOS

02.15.00

Rev 1

SP143347

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143347.exe

HP ProDesk 400 G7 Microtower PC

BIOS

02.13.00

Rev 1

SP143290

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143290.exe

HP ProDesk 400 G7 Small Form Factor PC

BIOS

02.13.00

Rev 1

SP143344

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143344.exe

HP ProDesk 405 G4 Desktop Mini PC

BIOS

02.20.00

Rev 1

SP143220

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143220.exe

HP ProDesk 405 G6 Desktop Mini PC

BIOS

02.10.00

Rev 1

SP143182

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143182.exe

HP ProDesk 405 G6 Small Form Factor PC

BIOS

02.10.00

Rev 1

SP143189

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143189.exe

HP ProDesk 405 G8 Desktop Mini PC

BIOS

02.06.00

Rev 1

SP143184

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143184.exe

HP ProDesk 405 G8 Small Form Factor PC

BIOS

02.06.00

Rev 1

SP143307

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143307.exe

HP ProDesk 480 G4 Microtower PC

BIOS

02.44

Rev 1

SP143381

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143381.exe

HP ProDesk 480 G5 Microtower PC

BIOS

02.21.00

Rev 1

SP143354

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143354.exe

HP ProDesk 480 G6 Microtower PC

BIOS

02.15.00

Rev 1

SP143328

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143328.exe

HP ProDesk 480 G7 PCI Microtower PC

BIOS

02.13.00

Rev 1

SP143290

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143290.exe

HP ProDesk 600 G3 Desktop Mini PC

BIOS

02.44

Rev 1

sp142729

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142729.exe

HP ProDesk 600 G3 Microtower PC

BIOS

02.44

Rev 1

SP143379

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143379.exe

HP ProDesk 600 G3 Small Form Factor PC

BIOS

02.44

Rev 1

SP142708

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142708.exe

HP ProDesk 600 G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143315

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143315.exe

HP ProDesk 600 G4 Microtower PC

BIOS

02.21.00

Rev 1

SP143339

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143339.exe

HP ProDesk 600 G4 Small Form Factor PC

BIOS

02.21.00

Rev 1

SP142727

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142727.exe

HP ProDesk 600 G5 Desktop Mini PC

BIOS

02.15.00

Rev 1

SP142790

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142790.exe

HP ProDesk 600 G5 Microtower PC

BIOS

02.15.00

Rev 1

SP143326

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143326.exe

HP ProDesk 600 G5 Microtower PC (with PCI slot)

BIOS

02.15.00

Rev 1

SP143326

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143326.exe

HP ProDesk 600 G5 Small Form Factor PC

BIOS

02.15.00

Rev 1

SP143345

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143345.exe

HP ProDesk 600 G6 Desktop Mini PC

BIOS

02.13.00

Rev 1

SP143227

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143227.exe

HP ProDesk 600 G6 Microtower PC

BIOS

02.13.00

Rev 1

SP143288

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143288.exe

HP ProDesk 600 G6 PCI Microtower PC

BIOS

02.13.00

Rev 1

SP143288

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143288.exe

HP ProDesk 600 G6 Small Form Factor PC

BIOS

02.13.00

Rev 1

SP143337

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143337.exe

HP ProDesk 680 G3 Microtower PC

BIOS

02.44

Rev 1

SP143379

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143379.exe

HP ProDesk 680 G4 Microtower PC (With PCI slot)

BIOS

02.21.00

Rev 1

SP143329

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143329.exe

HP ProDesk 680 G6 PCI Microtower PC

BIOS

02.13.00

Rev 1

SP143288

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143288.exe

HP ProOne 400 G3 20-inch Non-Touch All-in-One PC

BIOS

02.44

Rev 1

SP142699

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142699.exe

HP ProOne 400 G3 20-inch Touch All-in-One PC

BIOS

02.44

Rev 1

SP142699

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142699.exe

HP ProOne 400 G4 20-inch Non-Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

sp143176

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143176.exe

HP ProOne 400 G4 23.8-inch Non-Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

sp143176

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143176.exe

HP ProOne 400 G5 20-inch All-in-One Business PC

BIOS

02.15.00

Rev 1

sp143178

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143178.exe

HP ProOne 400 G5 23.8-inch All-in-One Business PC

BIOS

02.15.00

Rev 1

sp143178

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143178.exe

HP ProOne 400 G6 20 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ProOne 400 G6 24 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ProOne 440 23.8 inch G9 All-in-One Desktop PC

BIOS

02.06.02

Rev 1

SP143679

https://ftp.hp.com/pub/softpaq/sp143501-144000/sp143679.exe

HP ProOne 440 G4 23.8-inch Non-Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

sp143176

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143176.exe

HP ProOne 440 G5 23.8-in All-in-One Business PC

BIOS

02.15.00

Rev 1

sp143178

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143178.exe

HP ProOne 440 G6 24 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ProOne 480 G3 20-inch Non-Touch All-in One PC

BIOS

02.44

Rev 1

SP142699

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142699.exe

HP ProOne 600 G3 21.5-inch Non-Touch All-in-One PC

BIOS

02.44

Rev 1

SP142696

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142696.exe

HP ProOne 600 G4 21.5-inch Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

sp143176

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143176.exe

HP ProOne 600 G5 21.5-in All-in-One Business PC

BIOS

02.15.00

Rev 1

sp143178

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143178.exe

HP ProOne 600 G6 22 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP Z1 G8 Tower Desktop PC

BIOS

02.10.00

Rev 1

SP143417

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143417.exe

HP ZHAN 66 Pro G3 22 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ZHAN 66 Pro G3 24 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ZHAN 99 Pro 23.8 inch G9 All-in-One Desktop PC

BIOS

02.06.02

Rev 1

SP143679

https://ftp.hp.com/pub/softpaq/sp143501-144000/sp143679.exe

CVE-2022-27538: HP PC BIOS December 2022 Security Update (TOCTOU)

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

HP Elite Slice for Meeting Rooms

BIOS

2.55

Rev 1

SP136953

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136953.exe

HP Elite Slice G2 - Audio Ready with Zoom Rooms

BIOS

2.55

Rev 1

SP136953

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136953.exe

HP Elite Slice G2 - Partner Ready with Microsoft Teams Rooms

BIOS

2.55

Rev 1

SP136953

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136953.exe

HP Elite Slice G2 with Microsoft Teams Rooms

BIOS

2.55

Rev 1

SP136953

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136953.exe

HP Elite Slice G2 with Intel Unite

BIOS

2.55

Rev 1

SP136953

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136953.exe

HP Elite Slice G2 with Zoom Rooms

BIOS

2.55

Rev 1

SP136953

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136953.exe

HP EliteDesk 705 G3 Desktop Mini PC

BIOS

02.38

Rev 1

SP139824

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139824.exe

HP EliteDesk 705 G3 Microtower PC

BIOS

02.38

Rev 1

SP139855

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139855.exe

HP EliteDesk 705 G3 Small Form Factor PC

BIOS

02.38

Rev 1

SP139855

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139855.exe

HP EliteDesk 705 G4 Desktop Mini PC

BIOS

02.17.00

Rev 1

SP136818

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136818.exe

HP EliteDesk 705 G4 Microtower PC

BIOS

02.17.00

Rev 1

SP137054

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137054.exe

HP EliteDesk 705 G4 Small Form Factor PC

BIOS

02.12.00

Rev 1

SP137069

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137069.exe

HP EliteDesk 705 G4 Workstation Edition

BIOS

02.17.00

Rev 1

SP137054

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137054.exe

HP EliteDesk 705 G5 Desktop Mini PC

BIOS

02.11.00

Rev 1

SP136520

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136520.exe

HP EliteDesk 705 G5 Small Form Factor PC

BIOS

02.11.00

Rev 1

SP136508

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136508.exe

HP EliteDesk 800 35W G3 Desktop Mini PC

BIOS

02.40

Rev 3

SP139781

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139781.exe

HP EliteDesk 800 35W G4 Desktop Mini PC

BIOS

02.18.00

Rev 1

SP136969

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136969.exe

HP EliteDesk 800 65W G3 Desktop Mini PC

BIOS

02.40

Rev 3

SP139781

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139781.exe

HP EliteDesk 800 65W G4 Desktop Mini PC

BIOS

02.18.00

Rev 1

SP136969

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136969.exe

HP EliteDesk 800 95W G4 Desktop Mini PC

BIOS

02.18.00

Rev 1

SP136969

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136969.exe

HP EliteDesk 800 G3 Small Form Factor PC

BIOS

02.40

Rev 1

SP139852

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139852.exe

HP EliteDesk 800 G3 Tower PC

BIOS

02.40

Rev 1

SP139852

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139852.exe

HP EliteDesk 800 G4 Small Form Factor PC

BIOS

02.17.00

Rev 1

SP136495

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136495.exe

HP EliteDesk 800 G4 Tower PC

BIOS

02.17.00

Rev 1

SP136495

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136495.exe

HP EliteDesk 800 G4 Workstation Edition

BIOS

02.17.00

Rev 1

SP136495

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136495.exe

HP EliteDesk 800 G5 Desktop Mini PC

BIOS

02.11.00

Rev 1

SP136572

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136572.exe

HP EliteDesk 800 G5 Small Form Factor PC

BIOS

02.11.00

Rev 1

SP136499

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136499.exe

HP EliteDesk 800 G5 Tower PC

BIOS

02.11.00

Rev 1

SP136499

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136499.exe

HP EliteDesk 880 G3 Tower PC

BIOS

02.40

Rev 1

SP139852

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139852.exe

HP EliteDesk 880 G4 Tower PC

BIOS

02.17.00

Rev 1

SP136495

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136495.exe

HP EliteDesk 880 G5 Tower PC

BIOS

02.11.00

Rev 1

SP136499

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136499.exe

HP EliteOne 1000 G1 23.8-in All-in-One Business PC

BIOS

02.40

Rev 1

SP139698

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139698.exe

HP EliteOne 1000 G1 23.8-in Touch All-in-One Business PC

BIOS

02.40

Rev 1

SP139698

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139698.exe

HP EliteOne 1000 G1 27-in 4K UHD All-in-One Business PC

BIOS

02.40

Rev 1

SP139698

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139698.exe

HP EliteOne 1000 G1 34-in Curved All-in-One Business PC

BIOS

02.40

Rev 1

SP139698

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139698.exe

HP EliteOne 1000 G2 23.8-in All-in-One Business PC

BIOS

02.18.00

Rev 1

SP136988

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136988.exe

HP EliteOne 1000 G2 23.8-in Touch All-in-One Business PC

BIOS

02.18.00

Rev 1

SP136988

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136988.exe

HP EliteOne 1000 G2 27-in 4K UHD All-in-One Business PC

BIOS

02.18.00

Rev 1

SP136988

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136988.exe

HP EliteOne 1000 G2 34-in Curved All-in-One Business PC

BIOS

02.18.00

Rev 1

SP136988

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136988.exe

HP EliteOne 800 G3 23.8 Non-Touch Healthcare Edition All-in-One Business PC

BIOS

02.40

Rev 1

SP139797

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139797.exe

HP EliteOne 800 G3 23.8-inch Non-Touch All-in-One PC

BIOS

02.40

Rev 1

SP139797

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139797.exe

HP EliteOne 800 G3 23.8-inch Non-Touch GPU All-in-One PC

BIOS

02.40

Rev 1

SP139797

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139797.exe

HP EliteOne 800 G3 23.8-inch Touch All-in-One PC

BIOS

02.40

Rev 1

SP139797

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139797.exe

HP EliteOne 800 G3 23.8-inch Touch GPU All-in-One PC

BIOS

02.40

Rev 1

SP139797

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139797.exe

HP EliteOne 800 G4 23.8-in Healthcare Edition All-in-One Business PC

BIOS

02.18.00

Rev 1

SP137015

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137015.exe

HP EliteOne 800 G4 23.8-inch Non-Touch All-in-One PC

BIOS

02.18.00

Rev 1

SP137015

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137015.exe

HP EliteOne 800 G4 23.8-inch Non-Touch GPU All-in-One PC

BIOS

02.18.00

Rev 1

SP137015

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137015.exe

HP EliteOne 800 G4 23.8-inch Touch All-in-One PC

BIOS

02.18.00

Rev 1

SP137015

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137015.exe

HP EliteOne 800 G4 23.8-inch Touch GPU All-in-One PC

BIOS

02.18.00

Rev 1

SP137015

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137015.exe

HP EliteOne 800 G5 23.8-in Healthcare Edition All-in-One

BIOS

2.11.01

Rev 1

SP136705

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136705.exe

HP EliteOne 800 G5 23.8-inch All-in-One

BIOS

2.11.01

Rev 1

SP136705

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136705.exe

HP ProDesk 400 G3 Desktop Mini PC

BIOS

02.40

Rev 3

SP139783

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139783.exe

HP ProDesk 400 G4 Desktop Mini PC

BIOS

02.18.00

Rev 1

SP136964

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136964.exe

HP ProDesk 400 G4 Microtower PC

BIOS

02.40

Rev 1

SP139854

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139854.exe

HP ProDesk 400 G4 Small Form Factor PC

BIOS

02.40

Rev 1

SP139796

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139796.exe

HP ProDesk 400 G5 Desktop Mini PC

BIOS

02.11.00

Rev 1

SP136574

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136574.exe

HP ProDesk 400 G5 Microtower PC

BIOS

02.17.00

Rev 1

SP136497

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136497.exe

HP ProDesk 400 G5 Small Form Factor PC

BIOS

2.17

Rev 1

SP136532

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136532.exe

HP ProDesk 400 G6 Microtower PC

BIOS

02.11.00

Rev 1

SP136501

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136501.exe

HP ProDesk 400 G6 Small Form Factor PC

BIOS

02.11.00

Rev 1

SP136515

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136515.exe

HP ProDesk 405 G4 Desktop Mini PC

BIOS

02.17.00

Rev 1

SP136824

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136824.exe

HP ProDesk 405 G4 Small Form Factor PC

BIOS

02.12.00

Rev 1

SP137069

https://ftp.hp.com/pub/softpaq/sp137001-137500/sp137069.exe

HP ProDesk 480 G4 Microtower PC

BIOS

02.40

Rev 1

SP139854

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139854.exe

HP ProDesk 480 G5 Microtower PC

BIOS

02.17.00

Rev 1

SP136497

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136497.exe

HP ProDesk 480 G6 Microtower PC

BIOS

02.11.00

Rev 1

SP136501

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136501.exe

HP ProDesk 600 G3 Desktop Mini PC

BIOS

02.40

Rev 3

SP139782

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139782.exe

HP ProDesk 600 G3 Microtower PC

BIOS

02.40

Rev 1

SP139853

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139853.exe

HP ProDesk 600 G3 Small Form Factor PC

BIOS

02.40

Rev 1

SP139795

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139795.exe

HP ProDesk 600 G4 Desktop Mini PC

BIOS

02.18.00

Rev 1

SP136957

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136957.exe

HP ProDesk 600 G4 Microtower PC

BIOS

02.17.00

Rev 1

SP136496

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136496.exe

HP ProDesk 600 G4 Microtower PC (with PCI slot)

BIOS

02.17.00

Rev 1

SP136496

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136496.exe

HP ProDesk 600 G4 Small Form Factor PC

BIOS

02.18.00

Rev 1

SP136961

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136961.exe

HP ProDesk 600 G5 Desktop Mini PC

BIOS

02.11.00

Rev 1

SP136573

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136573.exe

HP ProDesk 600 G5 Microtower PC

BIOS

02.11.00

Rev 1

SP136500

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136500.exe

HP ProDesk 600 G5 Microtower PC (with PCI slot)

BIOS

02.11.00

Rev 1

SP136500

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136500.exe

HP ProDesk 600 G5 Small Form Factor PC

BIOS

02.11.00

Rev 1

SP136514

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136514.exe

HP ProDesk 680 G3 Microtower PC

BIOS

02.40

Rev 1

SP139853

https://ftp.hp.com/pub/softpaq/sp139501-140000/sp139853.exe

HP ProDesk 680 G4 Microtower PC

BIOS

02.17.00

Rev 1

SP136496

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136496.exe

HP ProDesk 680 G4 Microtower PC (With PCI slot)

BIOS

02.17.00

Rev 1

SP136498

https://ftp.hp.com/pub/softpaq/sp136001-136500/sp136498.exe

HP ProOne 400 G3 20-inch Non-Touch All-in-One PC

BIOS

02.40

Rev 3

SP140061

https://ftp.hp.com/pub/softpaq/sp140001-140500/sp140061.exe

HP ProOne 400 G3 20-inch Touch All-in-One PC

BIOS

02.40

Rev 3

SP140061

https://ftp.hp.com/pub/softpaq/sp140001-140500/sp140061.exe

HP ProOne 400 G4 20-inch Non-Touch All-in-One Business PC

BIOS

02.17.00

Rev 1

SP136516

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136516.exe

HP ProOne 400 G4 23.8-inch Non-Touch All-in-One Business PC

BIOS

02.17.00

Rev 1

SP136516

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136516.exe

HP ProOne 400 G5 20-inch All-in-One Business PC

BIOS

02.11.01

Rev 1

SP136660

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136660.exe

HP ProOne 400 G5 23.8-inch All-in-One Business PC

BIOS

02.11.01

Rev 1

SP136660

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136660.exe

HP ProOne 440 G4 23.8-inch Non-Touch All-in-One Business PC

BIOS

02.17.00

Rev 1

SP136516

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136516.exe

HP ProOne 440 G5 23.8-in All-in-One Business PC

BIOS

02.11.01

Rev 1

SP136660

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136660.exe

HP ProOne 480 G3 20-inch Non-Touch All-in One PC

BIOS

02.40

Rev 3

SP140061

https://ftp.hp.com/pub/softpaq/sp140001-140500/sp140061.exe

HP ProOne 600 G3 21.5-inch Non-Touch All-in-One PC

BIOS

02.40

Rev 3

SP140060

https://ftp.hp.com/pub/softpaq/sp140001-140500/sp140060.exe

HP ProOne 600 G4 21.5-inch Touch All-in-One Business PC

BIOS

02.17.00

Rev 1

SP136516

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136516.exe

HP ProOne 600 G5 21.5-in All-in-One Business PC

BIOS

02.11.01

Rev 1

SP136660

https://ftp.hp.com/pub/softpaq/sp136501-137000/sp136660.exe

CVE-2021-3809: HP PC BIOS - May 2022 Security Updates

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Artikkelin numero: 000206943

**DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities****Yhteenveto: Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.**

**Artikkelin sisältö**

**Vaikutus**

Critical

**Tiedot**

**Third-party Component**

**CVEs**

**More Information**

VMware ESXi

CVE-2022-31696

For more information, see VMSA-2022-0030

CVE-2022-31699

CVE-2022-31705

For more information, see VMSA-2022-0033

VMware vCenter

CVE-2021-22048

For more information, see VMSA-2021-0025.6

CVE-2022-31697

For more information, see VMSA-2022-0030

CVE-2022-31698

CVE-2020-28196

 

VMware Tools

CVE-2022-31676

For more information, see VMSA-2022-0024.1

VxRail Manager

CVE-2022-46756

 

Dell iDRAC9

CVE-2022-0778

Open SSL vulnerability, see DSA-2022-154 for more information

CVE-2022-34435

For more information, see DSA-2022-265

PowerEdge BIOS 13G

CVE-2022-22558

 

CVE-2019-14584

 

CVE-2021-28210

 

CVE-2021-28211

 

CVE-2021-0060

For more information, see Intel-SA-00470

CVE-2021-0147

CVE-2021-0127

For more information, see Intel-SA-00532

CVE-2021-0091

For more information, see Intel-SA-00527

CVE-2021-0092

CVE-2021-0093

CVE-2021-0099

CVE-2021-0103

CVE-2021-0107

CVE-2021-0111

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0119

CVE-2021-0124

CVE-2021-0125

CVE-2021-0153

For more information, see Intel-SA-00601

CVE-2021-0154

CVE-2021-0155

CVE-2021-0159

CVE-2021-0188

CVE-2021-0189

CVE-2021-0190

CVE-2021-33103

CVE-2021-33122

CVE-2021-33123

CVE-2021-33124

CVE-2022-0004

For more information, see Intel-SA-00613

CVE-2022-0005

For more information, see Intel-SA-00614

CVE-2021-21131

For more information, see Intel-SA-00616

CVE-2021-21136

CVE-2022-21123

For more information, see DSA-2022-161 and Intel-SA-00615

CVE-2022-21125

CVE-2022-21127

CVE-2022-21166

PowerEdge BIOS 13G, 15G

CVE-2022-21233

For more information, see Intel-SA-00657

CVE-2021-33060

For more information, see Intel-SA-00686

CVE-2022-26074

For more information, see Intel-SA-00669

PowerEdge BIOS 14G, 15G

CVE-2022-34376

For more information, see DSA-2022-204

CVE-2022-34377

CVE-2022-34406

CVE-2022-34407

CVE-2022-34408

CVE-2022-34409

CVE-2022-34410

CVE-2022-34411

CVE-2022-34412

CVE-2022-34413

CVE-2022-34414

CVE-2022-34415

CVE-2022-34416

CVE-2022-34417

CVE-2022-34418

CVE-2022-34419

CVE-2022-34420

CVE-2022-34421

CVE-2022-34422

CVE-2022-34423

PowerEdge BIOS

CVE‑2021‑26316

For more information, see DSA-2023-002

CVE-2021-26328

CVE-2021-26343

CVE-2021-26353

CVE-2021-26355

CVE-2021-26396

CVE-2021-26398

CVE-2021-26402

CVE-2021-26403

CVE-2021-26404

CVE-2021-26407

CVE-2021-26409

CVE-2021-39298

CVE-2021-46767

CVE-2021-46768

CVE-2021-46779

CVE-2021-46791

CVE-2022-23813

CVE-2022-23814

CVE-2023-20522

CVE-2023-20523

CVE-2023-20525

CVE-2023-20527

CVE-2023-20528

CVE-2023-20529

CVE-2023-20530

CVE-2023-20531

CVE-2023-20532

SUSE

CVE-2015-20107

www.SUSE.com

CVE-2016-3695

CVE-2017-17087

CVE-2019-13224

CVE-2019-16163

CVE-2019-19203

CVE-2019-19204

CVE-2019-19246

CVE-2019-19377

CVE-2019-19906

CVE-2019-20454

CVE-2020-25657

CVE-2020-26159

CVE-2020-26541

CVE-2020-27784

CVE-2020-36516

CVE-2020-36557

CVE-2020-36558

CVE-2021-20321

CVE-2021-26341

CVE-2021-26401

CVE-2021-28861

CVE-2021-31799

CVE-2021-31810

CVE-2021-32066

CVE-2021-33061

CVE-2021-33655

CVE-2021-33656

CVE-2021-3572

CVE-2021-3695

CVE-2021-3696

CVE-2021-3697

CVE-2021-3778

CVE-2021-3796

CVE-2021-3872

CVE-2021-3875

CVE-2021-3903

CVE-2021-3927

CVE-2021-3928

CVE-2021-3968

CVE-2021-3973

CVE-2021-3974

CVE-2021-3984

CVE-2021-4019

CVE-2021-4069

CVE-2021-4136

CVE-2021-4155

CVE-2021-4157

CVE-2021-4166

CVE-2021-41817

CVE-2021-4192

CVE-2021-4193

CVE-2021-4203

CVE-2021-43527

CVE-2021-43565

CVE-2021-46059

CVE-2021-46828

CVE-2022-0001

CVE-2022-0002

CVE-2022-0128

CVE-2022-0168

CVE-2022-0213

CVE-2022-0261

CVE-2022-0318

CVE-2022-0319

CVE-2022-0351

CVE-2022-0359

CVE-2022-0361

CVE-2022-0392

CVE-2022-0407

CVE-2022-0413

CVE-2022-0561

CVE-2022-0562

CVE-2022-0696

CVE-2022-0865

CVE-2022-0891

CVE-2022-0908

CVE-2022-0909

CVE-2022-0924

CVE-2022-1011

CVE-2022-1012

CVE-2022-1056

CVE-2022-1116

CVE-2022-1158

CVE-2022-1184

CVE-2022-1271

CVE-2022-1292

CVE-2022-1304

CVE-2022-1353

CVE-2022-1381

CVE-2022-1420

CVE-2022-1462

CVE-2022-1516

CVE-2022-1552

CVE-2022-1586

CVE-2022-1587

CVE-2022-1616

CVE-2022-1619

CVE-2022-1620

CVE-2022-1652

CVE-2022-1679

CVE-2022-1720

CVE-2022-1729

CVE-2022-1733

CVE-2022-1734

CVE-2022-1735

CVE-2022-1771

CVE-2022-1785

CVE-2022-1796

CVE-2022-1851

CVE-2022-1897

CVE-2022-1898

CVE-2022-1927

CVE-2022-1966

CVE-2022-1968

CVE-2022-1974

CVE-2022-1975

CVE-2022-20132

CVE-2022-20141

CVE-2022-20154

CVE-2022-20166

CVE-2022-20368

CVE-2022-20369

CVE-2022-2068

CVE-2022-2097

CVE-2022-21123

CVE-2022-21125

CVE-2022-21127

CVE-2022-21166

CVE-2022-21180

CVE-2022-2124

CVE-2022-2125

CVE-2022-2126

CVE-2022-2129

CVE-2022-21426

CVE-2022-21434

CVE-2022-21443

CVE-2022-21476

CVE-2022-21496

CVE-2022-21505

CVE-2022-21540

CVE-2022-21541

CVE-2022-2175

CVE-2022-2182

CVE-2022-2183

CVE-2022-2206

CVE-2022-2207

CVE-2022-2208

CVE-2022-2210

CVE-2022-2231

CVE-2022-2257

CVE-2022-2264

CVE-2022-2284

CVE-2022-2285

CVE-2022-2286

CVE-2022-2287

CVE-2022-22967

CVE-2022-2304

CVE-2022-2318

CVE-2022-23308

CVE-2022-2343

CVE-2022-2344

CVE-2022-2345

CVE-2022-23648

CVE-2022-23960

CVE-2022-24769

CVE-2022-24903

CVE-2022-2509

CVE-2022-2522

CVE-2022-2571

CVE-2022-2580

CVE-2022-2581

CVE-2022-2588

CVE-2022-2598

CVE-2022-2625

CVE-2022-26365

CVE-2022-26373

CVE-2022-2639

CVE-2022-2663

CVE-2022-26691

CVE-2022-27191

CVE-2022-27239

CVE-2022-27404

CVE-2022-27405

CVE-2022-27406

CVE-2022-27781

CVE-2022-27782

CVE-2022-2816

CVE-2022-2817

CVE-2022-2819

CVE-2022-2845

CVE-2022-2849

CVE-2022-2862

CVE-2022-28733

CVE-2022-28734

CVE-2022-28735

CVE-2022-28736

CVE-2022-28739

CVE-2022-2874

CVE-2022-2889

CVE-2022-28893

CVE-2022-2905

CVE-2022-29154

CVE-2022-29155

CVE-2022-29162

CVE-2022-2923

CVE-2022-2946

CVE-2022-29581

CVE-2022-2977

CVE-2022-29824

CVE-2022-29900

CVE-2022-29901

CVE-2022-3016

CVE-2022-3028

CVE-2022-30594

CVE-2022-31030

CVE-2022-31676

CVE-2022-31741

CVE-2022-32206

CVE-2022-32208

CVE-2022-32250

CVE-2022-32742

CVE-2022-33068

CVE-2022-33740

CVE-2022-33741

CVE-2022-33742

CVE-2022-33981

CVE-2022-34169

CVE-2022-34903

CVE-2022-36879

CVE-2022-36946

CVE-2022-37434

CVE-2022-39188

  

**Third-party Component**

**CVEs**

**More Information**

VMware ESXi

CVE-2022-31696

For more information, see VMSA-2022-0030

CVE-2022-31699

CVE-2022-31705

For more information, see VMSA-2022-0033

VMware vCenter

CVE-2021-22048

For more information, see VMSA-2021-0025.6

CVE-2022-31697

For more information, see VMSA-2022-0030

CVE-2022-31698

CVE-2020-28196

 

VMware Tools

CVE-2022-31676

For more information, see VMSA-2022-0024.1

VxRail Manager

CVE-2022-46756

 

Dell iDRAC9

CVE-2022-0778

Open SSL vulnerability, see DSA-2022-154 for more information

CVE-2022-34435

For more information, see DSA-2022-265

PowerEdge BIOS 13G

CVE-2022-22558

 

CVE-2019-14584

 

CVE-2021-28210

 

CVE-2021-28211

 

CVE-2021-0060

For more information, see Intel-SA-00470

CVE-2021-0147

CVE-2021-0127

For more information, see Intel-SA-00532

CVE-2021-0091

For more information, see Intel-SA-00527

CVE-2021-0092

CVE-2021-0093

CVE-2021-0099

CVE-2021-0103

CVE-2021-0107

CVE-2021-0111

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0119

CVE-2021-0124

CVE-2021-0125

CVE-2021-0153

For more information, see Intel-SA-00601

CVE-2021-0154

CVE-2021-0155

CVE-2021-0159

CVE-2021-0188

CVE-2021-0189

CVE-2021-0190

CVE-2021-33103

CVE-2021-33122

CVE-2021-33123

CVE-2021-33124

CVE-2022-0004

For more information, see Intel-SA-00613

CVE-2022-0005

For more information, see Intel-SA-00614

CVE-2021-21131

For more information, see Intel-SA-00616

CVE-2021-21136

CVE-2022-21123

For more information, see DSA-2022-161 and Intel-SA-00615

CVE-2022-21125

CVE-2022-21127

CVE-2022-21166

PowerEdge BIOS 13G, 15G

CVE-2022-21233

For more information, see Intel-SA-00657

CVE-2021-33060

For more information, see Intel-SA-00686

CVE-2022-26074

For more information, see Intel-SA-00669

PowerEdge BIOS 14G, 15G

CVE-2022-34376

For more information, see DSA-2022-204

CVE-2022-34377

CVE-2022-34406

CVE-2022-34407

CVE-2022-34408

CVE-2022-34409

CVE-2022-34410

CVE-2022-34411

CVE-2022-34412

CVE-2022-34413

CVE-2022-34414

CVE-2022-34415

CVE-2022-34416

CVE-2022-34417

CVE-2022-34418

CVE-2022-34419

CVE-2022-34420

CVE-2022-34421

CVE-2022-34422

CVE-2022-34423

PowerEdge BIOS

CVE‑2021‑26316

For more information, see DSA-2023-002

CVE-2021-26328

CVE-2021-26343

CVE-2021-26353

CVE-2021-26355

CVE-2021-26396

CVE-2021-26398

CVE-2021-26402

CVE-2021-26403

CVE-2021-26404

CVE-2021-26407

CVE-2021-26409

CVE-2021-39298

CVE-2021-46767

CVE-2021-46768

CVE-2021-46779

CVE-2021-46791

CVE-2022-23813

CVE-2022-23814

CVE-2023-20522

CVE-2023-20523

CVE-2023-20525

CVE-2023-20527

CVE-2023-20528

CVE-2023-20529

CVE-2023-20530

CVE-2023-20531

CVE-2023-20532

SUSE

CVE-2015-20107

www.SUSE.com

CVE-2016-3695

CVE-2017-17087

CVE-2019-13224

CVE-2019-16163

CVE-2019-19203

CVE-2019-19204

CVE-2019-19246

CVE-2019-19377

CVE-2019-19906

CVE-2019-20454

CVE-2020-25657

CVE-2020-26159

CVE-2020-26541

CVE-2020-27784

CVE-2020-36516

CVE-2020-36557

CVE-2020-36558

CVE-2021-20321

CVE-2021-26341

CVE-2021-26401

CVE-2021-28861

CVE-2021-31799

CVE-2021-31810

CVE-2021-32066

CVE-2021-33061

CVE-2021-33655

CVE-2021-33656

CVE-2021-3572

CVE-2021-3695

CVE-2021-3696

CVE-2021-3697

CVE-2021-3778

CVE-2021-3796

CVE-2021-3872

CVE-2021-3875

CVE-2021-3903

CVE-2021-3927

CVE-2021-3928

CVE-2021-3968

CVE-2021-3973

CVE-2021-3974

CVE-2021-3984

CVE-2021-4019

CVE-2021-4069

CVE-2021-4136

CVE-2021-4155

CVE-2021-4157

CVE-2021-4166

CVE-2021-41817

CVE-2021-4192

CVE-2021-4193

CVE-2021-4203

CVE-2021-43527

CVE-2021-43565

CVE-2021-46059

CVE-2021-46828

CVE-2022-0001

CVE-2022-0002

CVE-2022-0128

CVE-2022-0168

CVE-2022-0213

CVE-2022-0261

CVE-2022-0318

CVE-2022-0319

CVE-2022-0351

CVE-2022-0359

CVE-2022-0361

CVE-2022-0392

CVE-2022-0407

CVE-2022-0413

CVE-2022-0561

CVE-2022-0562

CVE-2022-0696

CVE-2022-0865

CVE-2022-0891

CVE-2022-0908

CVE-2022-0909

CVE-2022-0924

CVE-2022-1011

CVE-2022-1012

CVE-2022-1056

CVE-2022-1116

CVE-2022-1158

CVE-2022-1184

CVE-2022-1271

CVE-2022-1292

CVE-2022-1304

CVE-2022-1353

CVE-2022-1381

CVE-2022-1420

CVE-2022-1462

CVE-2022-1516

CVE-2022-1552

CVE-2022-1586

CVE-2022-1587

CVE-2022-1616

CVE-2022-1619

CVE-2022-1620

CVE-2022-1652

CVE-2022-1679

CVE-2022-1720

CVE-2022-1729

CVE-2022-1733

CVE-2022-1734

CVE-2022-1735

CVE-2022-1771

CVE-2022-1785

CVE-2022-1796

CVE-2022-1851

CVE-2022-1897

CVE-2022-1898

CVE-2022-1927

CVE-2022-1966

CVE-2022-1968

CVE-2022-1974

CVE-2022-1975

CVE-2022-20132

CVE-2022-20141

CVE-2022-20154

CVE-2022-20166

CVE-2022-20368

CVE-2022-20369

CVE-2022-2068

CVE-2022-2097

CVE-2022-21123

CVE-2022-21125

CVE-2022-21127

CVE-2022-21166

CVE-2022-21180

CVE-2022-2124

CVE-2022-2125

CVE-2022-2126

CVE-2022-2129

CVE-2022-21426

CVE-2022-21434

CVE-2022-21443

CVE-2022-21476

CVE-2022-21496

CVE-2022-21505

CVE-2022-21540

CVE-2022-21541

CVE-2022-2175

CVE-2022-2182

CVE-2022-2183

CVE-2022-2206

CVE-2022-2207

CVE-2022-2208

CVE-2022-2210

CVE-2022-2231

CVE-2022-2257

CVE-2022-2264

CVE-2022-2284

CVE-2022-2285

CVE-2022-2286

CVE-2022-2287

CVE-2022-22967

CVE-2022-2304

CVE-2022-2318

CVE-2022-23308

CVE-2022-2343

CVE-2022-2344

CVE-2022-2345

CVE-2022-23648

CVE-2022-23960

CVE-2022-24769

CVE-2022-24903

CVE-2022-2509

CVE-2022-2522

CVE-2022-2571

CVE-2022-2580

CVE-2022-2581

CVE-2022-2588

CVE-2022-2598

CVE-2022-2625

CVE-2022-26365

CVE-2022-26373

CVE-2022-2639

CVE-2022-2663

CVE-2022-26691

CVE-2022-27191

CVE-2022-27239

CVE-2022-27404

CVE-2022-27405

CVE-2022-27406

CVE-2022-27781

CVE-2022-27782

CVE-2022-2816

CVE-2022-2817

CVE-2022-2819

CVE-2022-2845

CVE-2022-2849

CVE-2022-2862

CVE-2022-28733

CVE-2022-28734

CVE-2022-28735

CVE-2022-28736

CVE-2022-28739

CVE-2022-2874

CVE-2022-2889

CVE-2022-28893

CVE-2022-2905

CVE-2022-29154

CVE-2022-29155

CVE-2022-29162

CVE-2022-2923

CVE-2022-2946

CVE-2022-29581

CVE-2022-2977

CVE-2022-29824

CVE-2022-29900

CVE-2022-29901

CVE-2022-3016

CVE-2022-3028

CVE-2022-30594

CVE-2022-31030

CVE-2022-31676

CVE-2022-31741

CVE-2022-32206

CVE-2022-32208

CVE-2022-32250

CVE-2022-32742

CVE-2022-33068

CVE-2022-33740

CVE-2022-33741

CVE-2022-33742

CVE-2022-33981

CVE-2022-34169

CVE-2022-34903

CVE-2022-36879

CVE-2022-36946

CVE-2022-37434

CVE-2022-39188

  

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**Affected Versions**

**Updated Versions**

Dell VxRail Appliance

7.0.x versions before 7.0.410

7.0.410

**Product**

**Affected Versions**

**Updated Versions**

Dell VxRail Appliance

7.0.x versions before 7.0.410

7.0.410

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-12-22

Initial Release

1.1

2022-01-06

Added CVE

1.2

2023-01-11

Added PowerEdge BIOS CVE.

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Artikkelin ominaisuudet**

**Tuote, johon asia vaikuttaa**

VxRail, CloudArray Virtual Edition for VxRail Appliance, Product Security Information, VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail 460 and 470 Nodes, VxRail Appliance Family, VxRail Appliance Series , VxRail G410, VxRail G Series Nodes, VxRail D Series Nodes, VxRail D560, VxRail D560F, VxRail E Series Nodes, VxRail E460, VxRail E560, VxRail E560 VCF, VxRail E560F, VxRail E560F VCF, VxRail E560N, VxRail E560N VCF, VxRail E660, VxRail E660F, VxRail E660N, VxRail E665, VxRail E665F, VxRail E665N, VxRail G560, VxRail G560 VCF, VxRail G560F, VxRail G560F VCF, VxRail Gen2 Hardware, VxRail P Series Nodes, VxRail P470, VxRail P570, VxRail P570 VCF, VxRail P570F, VxRail P570F VCF, VxRail P580N, VxRail P580N VCF, VXRAIL P670F, VxRail P670N, VxRail P675F, VxRail P675N, VxRail S Series Nodes, VxRail S470, VxRail S570, VxRail S570 VCF, VxRail S670, VxRail Software, VxRail V Series Nodes, VxRail V470, VxRail V570, VxRail V570 VCF, VxRail V570F, VxRail V570F VCF, VXRAIL V670F ...

**Edellinen julkaisupäivä**

11 tammik. 2023

**Versio**

4

**Artikkelin tyyppi**

Dell Security Advisory

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

Artikkelin numero: 000205716

**DSA-2022-327: Dell Client Security Update for Multiple Dell Client BIOS Vulnerabilities****Yhteenveto: Dell Client Consumer platform remediation is available for multiple Dell BIOS vulnerabilities that may be exploited by malicious users to compromise the affected systems.**

**Artikkelin sisältö**

**Vaikutus**

High

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34403

  
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

  
7.5

  
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34400

  
Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges may potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

7.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified on download driver, BIOS, and firmware updates automatically once available.

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-34403

  
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

  
7.5

  
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34400

  
Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges may potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

7.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

See the table below for Dell Client BIOS releases containing resolutions to these vulnerabilities. Dell Technologies recommends all customers update at the earliest opportunity.

Go to the Drivers & Downloads site for updates on the applicable products. To learn more, see Dell KB article 124211: Dell BIOS Updates, and download the update for your Dell computer.

Customers may use one of the Dell notification solutions to be notified on download driver, BIOS, and firmware updates automatically once available.

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**Product**

**BIOS Update Version**

**BIOS Release Date**

Alienware m15 R6

1.17.0

10-19-2022

Alienware m15 R7

1.4.3

09-29-2022

Alienware m15 Ryzen Edition R5

1.8.0

10-26-2022

Alienware m17 R5 AMD

1.4.3

09-29-2022

Dell G15 5510

1.16.0

10-11-2022

Dell G15 5511

1.18.0

10-11-2022

Dell G15 5515

1.8.0

10-26-2022

Dell G15 5525

1.4.3

09-29-2022

Dell G5 SE 5505

1.13.0

11-08-2022

Inspiron 14 5410 2-in-1

2.15.2

11-15-2022

Inspiron 15 3511

1.18.2

11-21-2022

Inspiron 3195 2-in-1

1.6.0

10-26-2022

Inspiron 3275

1.9.2

10-05-2022

Inspiron 3475

1.9.2

10-05-2022

Inspiron 3505

1.9.0

10-11-2022

Inspiron 3515

1.9.0

10-11-2022

Inspiron 3525

1.5.0

10-13-2022

Inspiron 3585

1.10.0

10-26-2022

Inspiron 3595

1.5.0

10-26-2022

Inspiron 3785

1.10.0

10-26-2022

Inspiron 3891

1.12.0

10-17-2022

Inspiron 5310

2.15.0

10-11-2022

Inspiron 5405

1.9.0

11-08-2022

Inspiron 5410

2.14.0

10-07-2022

Inspiron 5415

1.13.0

11-08-2022

Inspiron 5425

1.5.0

10-11-2022

Inspiron 5485

2.11.0

10-26-2022

Inspiron 5485 2-in-1

2.11.0

10-26-2022

Inspiron 5505

1.9.0

11-08-2022

Inspiron 5510

2.15.2

11-15-2022

Inspiron 5515

1.13.0

11-08-2022

Inspiron 5585

2.11.0

10-26-2022

Inspiron 7405 2-in-1

1.10.1

12-01-2022

Inspiron 7415

1.13.0

11-09-2022

Inspiron 7425

1.5.0

10-11-2022

Inspiron 7510

1.12.0

10-12-2022

Inspiron 7610

1.12.0

10-12-2022

Latitude 3320

1.18.2

11-15-2022

Latitude 3420

1.23.2

11-07-2022

Latitude 3520

1.23.2

11-07-2022

Latitude 5320

1.24.3

11-16-2022

Latitude 5420

1.22.0

10-17-2022

Latitude 5520

1.24.3

11-16-2022

Latitude 5521

1.17.3

11-16-2022

Latitude 7320

1.20.0

10-17-2022

Latitude 7320 Detachable

1.17.2

11-22-2022

Latitude 7420

1.20.0

10-17-2022

Latitude 7520

1.20.0

10-17-2022

Latitude 9420

1.16.2

11-22-2022

Latitude 9520

1.17.0

10-17-2022

Latitude Rugged 5430

1.12.0

10-11-2022

Latitude Rugged 7330

1.12.0

10-11-2022

Latitude 5421

1.15.0

10-17-2022

OptiPlex 3090 Ultra

1.15.0

10-12-2022

OptiPlex 5090

1.12.0

10-17-2022

OptiPlex 5490 All-In-One

1.15.0

10-11-2022

OptiPlex 7090 Tower

1.12.0

10-11-2022

OptiPlex 7090 Ultra

1.15.0

10-12-2022

OptiPlex 7490 AIO

1.15.0

10-11-2022

Precision 3450

1.12.0

10-11-2022

Precision 3560

1.24.3

11-16-2022

Precision 3561

1.17.3

11-16-2022

Precision 3650 Tower

1.16.0

10-11-2022

Precision 5560

1.15.2

11-21-2022

Precision 5760

1.15.2

11-16-2022

Precision 7560

1.16.0

10-14-2022

Precision 7760

1.16.0

10-14-2022

Vostro 3405

1.9.0

10-11-2022

Vostro 3425

1.5.0

10-13-2022

Vostro 3510

1.18.2

11-21-2022

Vostro 3515

1.9.0

10-11-2022

Vostro 3525

1.5.0

10-13-2022

Vostro 3690

1.12.0

10-17-2022

Vostro 3890

1.12.0

10-17-2022

Vostro 5310

2.15.0

10-11-2022

Vostro 5410

2.15.2

11-15-2022

Vostro 5415

1.13.0

11-08-2022

Vostro 5510

2.15.2

11-15-2022

Vostro 5515

1.13.0

11-08-2022

Vostro 5625

1.5.0

10-11-2022

Vostro 5890

1.12.0

10-11-2022

Vostro 7510

1.12.0

10-12-2022

XPS 15 9510

1.15.2

11-21-2022

XPS 17 9710

1.15.2

11-14-2022

**Product**

**BIOS Update Version**

**BIOS Release Date**

Alienware m15 R6

1.17.0

10-19-2022

Alienware m15 R7

1.4.3

09-29-2022

Alienware m15 Ryzen Edition R5

1.8.0

10-26-2022

Alienware m17 R5 AMD

1.4.3

09-29-2022

Dell G15 5510

1.16.0

10-11-2022

Dell G15 5511

1.18.0

10-11-2022

Dell G15 5515

1.8.0

10-26-2022

Dell G15 5525

1.4.3

09-29-2022

Dell G5 SE 5505

1.13.0

11-08-2022

Inspiron 14 5410 2-in-1

2.15.2

11-15-2022

Inspiron 15 3511

1.18.2

11-21-2022

Inspiron 3195 2-in-1

1.6.0

10-26-2022

Inspiron 3275

1.9.2

10-05-2022

Inspiron 3475

1.9.2

10-05-2022

Inspiron 3505

1.9.0

10-11-2022

Inspiron 3515

1.9.0

10-11-2022

Inspiron 3525

1.5.0

10-13-2022

Inspiron 3585

1.10.0

10-26-2022

Inspiron 3595

1.5.0

10-26-2022

Inspiron 3785

1.10.0

10-26-2022

Inspiron 3891

1.12.0

10-17-2022

Inspiron 5310

2.15.0

10-11-2022

Inspiron 5405

1.9.0

11-08-2022

Inspiron 5410

2.14.0

10-07-2022

Inspiron 5415

1.13.0

11-08-2022

Inspiron 5425

1.5.0

10-11-2022

Inspiron 5485

2.11.0

10-26-2022

Inspiron 5485 2-in-1

2.11.0

10-26-2022

Inspiron 5505

1.9.0

11-08-2022

Inspiron 5510

2.15.2

11-15-2022

Inspiron 5515

1.13.0

11-08-2022

Inspiron 5585

2.11.0

10-26-2022

Inspiron 7405 2-in-1

1.10.1

12-01-2022

Inspiron 7415

1.13.0

11-09-2022

Inspiron 7425

1.5.0

10-11-2022

Inspiron 7510

1.12.0

10-12-2022

Inspiron 7610

1.12.0

10-12-2022

Latitude 3320

1.18.2

11-15-2022

Latitude 3420

1.23.2

11-07-2022

Latitude 3520

1.23.2

11-07-2022

Latitude 5320

1.24.3

11-16-2022

Latitude 5420

1.22.0

10-17-2022

Latitude 5520

1.24.3

11-16-2022

Latitude 5521

1.17.3

11-16-2022

Latitude 7320

1.20.0

10-17-2022

Latitude 7320 Detachable

1.17.2

11-22-2022

Latitude 7420

1.20.0

10-17-2022

Latitude 7520

1.20.0

10-17-2022

Latitude 9420

1.16.2

11-22-2022

Latitude 9520

1.17.0

10-17-2022

Latitude Rugged 5430

1.12.0

10-11-2022

Latitude Rugged 7330

1.12.0

10-11-2022

Latitude 5421

1.15.0

10-17-2022

OptiPlex 3090 Ultra

1.15.0

10-12-2022

OptiPlex 5090

1.12.0

10-17-2022

OptiPlex 5490 All-In-One

1.15.0

10-11-2022

OptiPlex 7090 Tower

1.12.0

10-11-2022

OptiPlex 7090 Ultra

1.15.0

10-12-2022

OptiPlex 7490 AIO

1.15.0

10-11-2022

Precision 3450

1.12.0

10-11-2022

Precision 3560

1.24.3

11-16-2022

Precision 3561

1.17.3

11-16-2022

Precision 3650 Tower

1.16.0

10-11-2022

Precision 5560

1.15.2

11-21-2022

Precision 5760

1.15.2

11-16-2022

Precision 7560

1.16.0

10-14-2022

Precision 7760

1.16.0

10-14-2022

Vostro 3405

1.9.0

10-11-2022

Vostro 3425

1.5.0

10-13-2022

Vostro 3510

1.18.2

11-21-2022

Vostro 3515

1.9.0

10-11-2022

Vostro 3525

1.5.0

10-13-2022

Vostro 3690

1.12.0

10-17-2022

Vostro 3890

1.12.0

10-17-2022

Vostro 5310

2.15.0

10-11-2022

Vostro 5410

2.15.2

11-15-2022

Vostro 5415

1.13.0

11-08-2022

Vostro 5510

2.15.2

11-15-2022

Vostro 5515

1.13.0

11-08-2022

Vostro 5625

1.5.0

10-11-2022

Vostro 5890

1.12.0

10-11-2022

Vostro 7510

1.12.0

10-12-2022

XPS 15 9510

1.15.2

11-21-2022

XPS 17 9710

1.15.2

11-14-2022

**Kiitokset**

CVE-2022-34400, CVE-2022-34403: Dell Technologies would like to thank Cederic Laumen (@ling\_sec) for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-12-15

Initial Release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Artikkelin ominaisuudet**

**Tuote, johon asia vaikuttaa**

Dell G15 5510, Dell G15 5511, Dell G15 5515 Ryzen Edition, Dell G15 5525, Inspiron 3195 2-in-1, Inspiron 5405, Inspiron 14 5410 2-in-1, Inspiron 5415, Inspiron 7405 2-in-1, Inspiron 3505, Inspiron 15 3511, Inspiron 3585, Inspiron 3595, Inspiron 5505 , Inspiron 5515, Inspiron 3785, Inspiron 3275, Inspiron 3475, Inspiron 3891, Inspiron 531s, Inspiron 5425 (End of Life), Latitude 3320, Latitude 5320, Latitude 7320, Latitude 7320 Detachable, Latitude 7330 Rugged Extreme, Latitude 3420, Latitude 5421, Latitude 5430 Rugged, Latitude 7420, Latitude 7424 Rugged Extreme, Latitude 9420, Latitude 3520, Latitude 5520, Latitude 5521, Latitude 9520, Latitude 5420, OptiPlex 3090 Ultra, OptiPlex 5090, OptiPlex 5490 All-In-One, OptiPlex 7090 Ultra, OptiPlex 7490 All-In-One, Precision 3540, Precision 3560, Precision 3561, Precision 5560, Precision 7560, Precision 5760, Precision 7760, Precision 3650 Tower, Product Security Information, Vostro 3405, Vostro 3425, Vostro 3525, Vostro 5625, Vostro 3690, Vostro 5890, XPS 15 9510 ...

**Edellinen julkaisupäivä**

16 jouluk. 2022

**Versio**

1

**Artikkelin tyyppi**

Dell Security Advisory

Tag

#ios