CVE-2023-5409 - Vulnerability Details - OpenCVE

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	T430 Thin Client T430 Thin Client Firmware T638 Thin Client T638 Thin Client Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hp:t430_thin_client_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:t430_thin_client:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:t638_thin_client_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:t638_thin_client:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.hp.com/us-en/document/ish_9441200-9441233-16

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2023-10-13T16:15:34.743Z

Updated: 2024-08-02T07:59:44.712Z

Reserved: 2023-10-04T18:09:07.324Z

Link: CVE-2023-5409

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-10-13T17:15:09.713

Modified: 2024-11-21T08:41:42.950

Link: CVE-2023-5409

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:t430_thin_client_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D57D386-8265-4EF7-B88A-A57F68233E1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:t430_thin_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "33625E33-810C-441F-BFEC-A62CF2DC57BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:t638_thin_client_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "86E50369-0AA4-41E1-A0BA-18C5C3F7FE91", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:t638_thin_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "088B2E46-7977-4F8B-B440-471E188A84C3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability."}, {"lang": "es", "value": "HP es consciente de una posible vulnerabilidad de seguridad en las PC Thin Client HP t430 y t638. Estos modelos pueden ser susceptibles a un ataque f\u00edsico, lo que permite que una fuente no confiable altere el firmware del sistema utilizando una clave privada divulgada p\u00fablicamente. HP proporciona orientaci\u00f3n recomendada para que los clientes reduzcan la exposici\u00f3n a la vulnerabilidad potencial."}], "id": "CVE-2023-5409", "lastModified": "2024-11-21T08:41:42.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-13T17:15:09.713", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_9441200-9441233-16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.hp.com/us-en/document/ish_9441200-9441233-16"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}