PT-2020-7798 · Hewlett Packard+1 · Hp Elitebook 850 G1+1

Corey Kallenberg · Published 2020-01-30 · Updated 2020-02-06 · CVE-2015-0949

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Dell Latitude E6430 BIOS version A09; HP EliteBook 850 G1 BIOS version L71 Ver. 01.09
Description: The System Management Mode (SMM) implementation in certain BIOS versions does not ensure that function calls operate on SMRAM memory locations. This allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.
Recommendations: For Dell Latitude E6430 BIOS version A09, update the BIOS to a version that fixes this issue. For HP EliteBook 850 G1 BIOS version L71 Ver. 01.09, update the BIOS to a version that fixes this issue. As a temporary workaround, consider restricting physical memory access to minimize the risk of exploitation.

Fix

Improper Privilege Management


Weakness Enumeration

Related Identifiers

CVE-2015-0949

Affected Products

Dell Latitude E6430
HP EliteBook 850 G1