CVE-2021-3661

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770	Vendor Advisory
https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:z1_all-in-one_g3_firmware:01.31:*:*:*:*:*:*:*

cpe:2.3:h:hp:z1_all-in-one_g3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:z2_mini_g3_firmware:01.83:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_mini_g3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:hp:z2_mini_g4_firmware:01.08.01:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_mini_g4:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:hp:z2_mini_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_mini_g5:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:hp:z2_small_form_factor_g4_firmware:01.08.01:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_small_form_factor_g4:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:hp:z2_small_form_factor_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_small_form_factor_g5:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:hp:z2_small_form_factor_g8_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_small_form_factor_g8:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:hp:z2_tower_g4_firmware:01.08.01:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_tower_g4:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:hp:z2_tower_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_tower_g5:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:hp:z2_tower_g8_firmware:01.03.00_rev_a:*:*:*:*:*:*:*

cpe:2.3:h:hp:z2_tower_g8:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:hp:z238_microtower_firmware:01.83:*:*:*:*:*:*:*

cpe:2.3:h:hp:z238_microtower:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:hp:z240_small_form_factor_firmware:01.83:*:*:*:*:*:*:*

cpe:2.3:h:hp:z240_small_form_factor:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:hp:z240_tower_firmware:01.83:*:*:*:*:*:*:*

cpe:2.3:h:hp:z240_tower:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:hp:z4_g4_firmware:02.75:*:*:*:*:*:*:*

cpe:2.3:h:hp:z4_g4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:hp:z440_firmware:2.58:*:*:*:*:*:*:*

cpe:2.3:h:hp:z440:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:hp:z6_g4_firmware:02.75:*:*:*:*:*:*:*

cpe:2.3:h:hp:z6_g4:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:hp:z640_firmware:2.58:*:*:*:*:*:*:*

cpe:2.3:h:hp:z640:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:hp:z8_g4_firmware:02.75:*:*:*:*:*:*:*

cpe:2.3:h:hp:z8_g4:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:hp:z840_firmware:2.58:*:*:*:*:*:*:*

cpe:2.3:h:hp:z840:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:hp:zcentral_4r_firmware:01.18:*:*:*:*:*:*:*

cpe:2.3:h:hp:zcentral_4r:-:*:*:*:*:*:*:*

History

29 Apr 2025, 05:15

Type	Values Removed	Values Added
CWE		CWE-94

21 Nov 2024, 06:22

Type	Values Removed	Values Added
References	~~() https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770 - Vendor Advisory~~	() https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770 - Vendor Advisory
Summary		(es) Se ha identificado una posible vulnerabilidad de seguridad en HP Workstation BIOS (firmware UEFI) que puede permitir la ejecución de código arbitrario. HP está lanzando mitigaciones de firmware para la posible vulnerabilidad.

Information

Published : 2022-12-12 13:15

Updated : 2025-04-29 05:15

NVD link : CVE-2021-3661

Mitre link : CVE-2021-3661

CVE.ORG link : CVE-2021-3661

JSON object : View

Products Affected

z4_g4_firmware
z2_mini_g4_firmware
z6_g4_firmware
z2_mini_g5
z238_microtower_firmware
z440_firmware
zcentral_4r_firmware
z2_tower_g5
z2_small_form_factor_g5
z240_small_form_factor_firmware
z8_g4
z2_tower_g8_firmware
z2_tower_g5_firmware
z240_tower
z1_all-in-one_g3_firmware
z2_tower_g8
z240_small_form_factor
z8_g4_firmware
z2_mini_g3
z2_small_form_factor_g8_firmware
z640_firmware
z640
z840_firmware
z6_g4
z2_mini_g5_firmware
z4_g4
z2_tower_g4_firmware
z2_mini_g3_firmware
z2_tower_g4
z238_microtower
z440
zcentral_4r
z2_small_form_factor_g5_firmware
z840
z1_all-in-one_g3
z2_small_form_factor_g4
z2_small_form_factor_g8
z240_tower_firmware
z2_mini_g4
z2_small_form_factor_g4_firmware

CWE

NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2021-3661", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2022-12-12T13:15:11.693", "references": [{"url": "https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://support.hp.com/us-en/document/ish_5670997-5671021-16/hpsbhf03770", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability."}, {"lang": "es", "value": "Se ha identificado una posible vulnerabilidad de seguridad en HP Workstation BIOS (firmware UEFI) que puede permitir la ejecuci\u00f3n de c\u00f3digo arbitrario. HP est\u00e1 lanzando mitigaciones de firmware para la posible vulnerabilidad."}], "lastModified": "2025-04-29T05:15:40.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z1_all-in-one_g3_firmware:01.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52CB7D08-E352-49F5-8715-5055DDBDBD5B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z1_all-in-one_g3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31DD86B2-0702-45EB-9CFE-E1F363E21CB3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_mini_g3_firmware:01.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C60E47B-10F8-4238-9CED-979915F10C53"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_mini_g3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E8E325E-4FB5-4BBD-8301-3655EE4C8E82"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_mini_g4_firmware:01.08.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68BFE14B-F4C7-460E-B075-40E413C437D2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_mini_g4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2AAB843A-8C23-4155-AA9A-A9638844B649"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_mini_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30EF73CD-3EFC-41E6-99D2-EA225F9A2996"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_mini_g5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A6F7EA4-D933-4043-8443-DB2D042161B7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_small_form_factor_g4_firmware:01.08.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B369AF9A-02BC-4105-91AD-AAABAB25371E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_small_form_factor_g4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28D8DCE4-417D-447E-B30C-44B2AAE950F1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_small_form_factor_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51440732-CE12-41FF-95AD-3D98511741B2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_small_form_factor_g5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "078C37DD-2BF5-40D0-8607-38D290DF3C92"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_small_form_factor_g8_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78099425-DF2D-4D4E-B4CA-AC547DBDFC9F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_small_form_factor_g8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D3E8CE5-62F0-47ED-A8AC-47E7AC1920FB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_tower_g4_firmware:01.08.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D924016-9A41-4C27-BA5F-7B50C065097B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_tower_g4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E8CAC1DA-DC4B-470C-A351-278833DEF95A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_tower_g5_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B13189CB-2B18-4878-A623-3A58D933F2B5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_tower_g5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "62BD85D3-FE64-4879-8D6F-BD833DF70C72"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z2_tower_g8_firmware:01.03.00_rev_a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A89C5A54-D2FC-4686-ACA7-AC3719617F7D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z2_tower_g8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CEB82416-14CC-40F5-B1C0-1157A3EE7CFF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z238_microtower_firmware:01.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F88D2DE-32FD-4490-BC0A-760966C22901"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z238_microtower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4463B53C-10C9-4FCC-B209-7D3D0C04DF72"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z240_small_form_factor_firmware:01.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81E7AEB0-6D4D-4DE9-A9F6-EC8BF3DC62D2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z240_small_form_factor:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0EA50241-E9BA-4B45-8450-76E83E64EB4D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z240_tower_firmware:01.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E96E9CDC-1F2E-4F17-8A16-0F9B6E6926D6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z240_tower:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "22F00DA1-F06E-4684-AFDD-540F4A95D25E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z4_g4_firmware:02.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "216E6993-EC43-4A51-971F-F92AC8DDECFF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z4_g4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30BA646E-8BC4-4EFF-85A2-5F67781151A6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z440_firmware:2.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CAEEACE-2F7A-429C-96A0-94784BA7DCB0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z440:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2561F9F-C603-46AA-A6FD-7BF864DA46C7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z6_g4_firmware:02.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF1E074E-6EFC-4265-BD06-D9DDDC75C3DF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z6_g4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "031EB2C6-6DC9-40FF-9720-B667BCAB6643"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z640_firmware:2.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACA5EDF8-AC00-4C0E-B0F3-43A61680553B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z640:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F0ABEB94-77A8-413D-A133-955BC1C59D84"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z8_g4_firmware:02.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "531759D8-8F35-46C7-8580-6AB503125264"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z8_g4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A13690A-BCCD-4C6A-93A5-B4B889823AA7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:z840_firmware:2.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1908464A-E5AC-4636-A524-BF7BD147D572"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:z840:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E24183E-7790-425B-85C7-DBA62DE9DD2F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:zcentral_4r_firmware:01.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8466E68-60E7-4332-BDF8-221EEEA81A5C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:zcentral_4r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "619F29C4-D227-4DFC-9DC2-828CA4F94A37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}

8.4 /10