CVE-2016-2243 - Vulnerability Details

Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00042.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp Subscribe	1000 Series Firmware Subscribe 700 Series Firmware Subscribe 800 Series Firmware Subscribe Elitebook 725 G3 Subscribe Elitebook 745 G3 Subscribe Elitebook 755 G3 Subscribe Elitebook 820 G3 Subscribe Elitebook 840 G3 Subscribe Elitebook 850 G3 Subscribe Elitebook Folio 1012 X2 G2 Subscribe Elitebook Folio 1040 G3 Subscribe Elitedesk 705 G2 Dm Subscribe Elitedesk 705 G2 Mt Sff Subscribe Elitedesk 800 G2 Dm Subscribe Elitedesk 800 G2 Twr Subscribe Elitedesk 800 Sff Subscribe Mp9 G2 Retail System Subscribe Mt42 Mobile Thin Client Subscribe Z238 Firmware Subscribe Z238 Microtower Workstation N51 Subscribe Z240 Firmware Subscribe Z240 Sff Workstation N51 Subscribe Z240 Tower Workstation N51 Subscribe Zbook 15 G3 Subscribe Zbook 15u G3 Subscribe Zbook 17 G3 Subscribe Zbook Firmware Subscribe Zbook Studio G3 Subscribe
Samsung Subscribe	X14j Firmware Subscribe
Zyxel Subscribe	Gs1900-10hp Firmware Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:h:hp:elitebook_725_g3:-:::::::*
	cpe:2.3:h:hp:elitebook_745_g3:-:::::::*
	cpe:2.3:h:hp:elitebook_755_g3:-:::::::*

cpe:2.3:o:hp:700_series_firmware:1.08:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:h:hp:elitedesk_800_g2_twr:-:::::::*
	cpe:2.3:h:hp:elitedesk_800_sff:-:::::::*

cpe:2.3:o:hp:800_series_firmware:2.09:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:h:hp:z240_sff_workstation_n51:-:::::::*
	cpe:2.3:h:hp:z240_tower_workstation_n51:-:::::::*

cpe:2.3:o:hp:z240_firmware:1.11:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hp:700_series_firmware:2.09:*:*:*:*:*:*:*

cpe:2.3:h:hp:elitedesk_705_g2_mt_sff:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:hp:z238_microtower_workstation_n51:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:z238_firmware:1.11:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:h:hp:zbook_15_g3:-:::::::*
	cpe:2.3:h:hp:zbook_15u_g3:-:::::::*
	cpe:2.3:h:hp:zbook_17_g3:-:::::::*

cpe:2.3:o:hp:zbook_firmware:1.03:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:h:hp:elitedesk_800_g2_dm:-:::::::*
	cpe:2.3:h:hp:mp9_g2_retail_system:-:::::::*
	cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:::::::*

cpe:2.3:o:hp:800_series_firmware:2.1:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:h:hp:elitebook_820_g3:-:::::::*
	cpe:2.3:h:hp:elitebook_840_g3:-:::::::*
	cpe:2.3:h:hp:elitebook_850_g3:-:::::::*

cpe:2.3:o:hp:1000_series_firmware:1.04:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:hp:elitebook_folio_1012_x2_g2:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:1000_series_firmware:1.1:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:h:hp:elitebook_folio_1040_g3:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:1000_series_firmware:1.01:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:h:hp:elitedesk_705_g2_dm:*:*:*:*:*:*:*:*

cpe:2.3:o:hp:700_series_firmware:2.05:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:h:hp:mt42_mobile_thin_client:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:700_series_firmware:1.05:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:h:hp:zbook_studio_g3:-:*:*:*:*:*:*:*

cpe:2.3:o:hp:zbook_firmware:1.04:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:hp:700_series_firmware:2.07:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2016-3327	Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securitytracker.com/id/1035193
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2016-03-04T15:00:00

Updated: 2024-08-05T23:24:48.480Z

Reserved: 2016-02-08T00:00:00

Link: CVE-2016-2243

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-03-04T15:59:00.107

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-2243

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-284

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object