CVE-2016-2243 - Vulnerability Details

Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	1000 Series Firmware 700 Series Firmware 800 Series Firmware Elitebook 725 G3 Elitebook 745 G3 Elitebook 755 G3 Elitebook 820 G3 Elitebook 840 G3 Elitebook 850 G3 Elitebook Folio 1012 X2 G2 Elitebook Folio 1040 G3 Elitedesk 705 G2 Dm Elitedesk 705 G2 Mt Sff Elitedesk 800 G2 Dm Elitedesk 800 G2 Twr Elitedesk 800 Sff Mp9 G2 Retail System Mt42 Mobile Thin Client Z238 Firmware Z238 Microtower Workstation N51 Z240 Firmware Z240 Sff Workstation N51 Z240 Tower Workstation N51 Zbook 15 G3 Zbook 15u G3 Zbook 17 G3 Zbook Firmware Zbook Studio G3
Samsung	X14j Firmware
Zyxel	Gs1900-10hp Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:h:hp:elitebook_725_g3:-:::::::*
	cpe:2.3:h:hp:elitebook_745_g3:-:::::::*
	cpe:2.3:h:hp:elitebook_755_g3:-:::::::*

cpe:2.3:o:hp:700_series_firmware:1.08:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:h:hp:elitedesk_800_g2_twr:-:::::::*
	cpe:2.3:h:hp:elitedesk_800_sff:-:::::::*

cpe:2.3:o:hp:800_series_firmware:2.09:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:h:hp:z240_sff_workstation_n51:-:::::::*
	cpe:2.3:h:hp:z240_tower_workstation_n51:-:::::::*

cpe:2.3:o:hp:z240_firmware:1.11:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:700_series_firmware:2.09:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitedesk_705_g2_mt_sff:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:hp:z238_microtower_workstation_n51:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:z238_firmware:1.11:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:h:hp:zbook_15_g3:-:::::::*
	cpe:2.3:h:hp:zbook_15u_g3:-:::::::*
	cpe:2.3:h:hp:zbook_17_g3:-:::::::*

cpe:2.3:o:hp:zbook_firmware:1.03:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:h:hp:elitedesk_800_g2_dm:-:::::::*
	cpe:2.3:h:hp:mp9_g2_retail_system:-:::::::*
	cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:::::::*

cpe:2.3:o:hp:800_series_firmware:2.1:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:h:hp:elitebook_820_g3:-:::::::*
	cpe:2.3:h:hp:elitebook_840_g3:-:::::::*
	cpe:2.3:h:hp:elitebook_850_g3:-:::::::*

cpe:2.3:o:hp:1000_series_firmware:1.04:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:hp:elitebook_folio_1012_x2_g2:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:1000_series_firmware:1.1:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:h:hp:elitebook_folio_1040_g3:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:1000_series_firmware:1.01:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:h:hp:elitedesk_705_g2_dm:*:*:*:*:*:*:*:*

cpe:2.3:o:hp:700_series_firmware:2.05:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:h:hp:mt42_mobile_thin_client:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:700_series_firmware:1.05:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:h:hp:zbook_studio_g3:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:zbook_firmware:1.04:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:hp:700_series_firmware:2.07:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2016-3327	Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securitytracker.com/id/1035193
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2016-03-04T15:00:00

Updated: 2024-08-05T23:24:48.480Z

Reserved: 2016-02-08T00:00:00

Link: CVE-2016-2243

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-03-04T15:59:00.107

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-2243

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object