HP Hp Z2 Tower G5

CPE Details

HP Hp Z2 Tower G5
hp
hp_z2_tower_g5
-
2023-02-10
11h24 +00:00
2023-02-14
13h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*

Informations

Vendor

hp

Product

hp_z2_tower_g5

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-29066 2023-11-28 20h36 +00:00 The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.
3.5
Low
CVE-2023-29065 2023-11-28 20h35 +00:00 The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
4.3
Medium
CVE-2023-29064 2023-11-28 20h35 +00:00 The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
4.3
Medium
CVE-2023-29063 2023-11-28 20h34 +00:00 The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.
2.4
Low
CVE-2023-29062 2023-11-28 20h34 +00:00 The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.
3.8
Low
CVE-2023-29061 2023-11-28 20h33 +00:00 There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
5.2
Medium
CVE-2023-29060 2023-11-28 20h07 +00:00 The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
5.7
Medium
CVE-2021-3809 2023-01-30 20h53 +00:00 Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
7.8
High
CVE-2021-3808 2023-01-30 20h52 +00:00 Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.