CVE-2023-6138 - Vulnerability Details

A potential security vulnerability has been identified in the system BIOS for certain HP Workstation PCs, which might allow escalation of privilege, arbitrary code execution, or denial of service. HP is releasing mitigation for the potential vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00162.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hp Subscribe	Z440 Workstation Subscribe Z440 Workstation Firmware Subscribe Z640 Workstation Subscribe Z640 Workstation Firmware Subscribe Z840 Workstation Subscribe Z840 Workstation Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:hp:z440_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z440_workstation:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:z640_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z640_workstation:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:z840_workstation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:z840_workstation:-:*:*:*:*:*:*:*

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.hp.com/us-en/document/ish_10167884-10167908-16/hpsbhf03915

History

Mon, 22 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hp Hp z440 Workstation Hp z440 Workstation Firmware Hp z640 Workstation Hp z640 Workstation Firmware Hp z840 Workstation Hp z840 Workstation Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:hp:z440_workstation:-:::::::* cpe:2.3:h:hp:z640_workstation:-:::::::* cpe:2.3:h:hp:z840_workstation:-:::::::* cpe:2.3:o:hp:z440_workstation_firmware:::::::: cpe:2.3:o:hp:z640_workstation_firmware:::::::: cpe:2.3:o:hp:z840_workstation_firmware::::::::
Vendors & Products		Hp Hp z440 Workstation Hp z440 Workstation Firmware Hp z640 Workstation Hp z640 Workstation Firmware Hp z840 Workstation Hp z840 Workstation Firmware

Thu, 21 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2024-02-14T22:12:16.966Z

Updated: 2024-11-21T21:37:16.403Z

Reserved: 2023-11-14T22:47:24.126Z

Link: CVE-2023-6138

Vulnrichment

Updated: 2024-08-02T08:21:17.709Z

NVD

Status : Analyzed

Published: 2024-02-14T23:15:08.093

Modified: 2025-12-22T18:28:02.000

Link: CVE-2023-6138

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object