What is CVE-2021-3809?

CVE-2021-3809 is a high-severity vulnerability in Hp Elitebook_1040_g4, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2023-02-01.

How severe is CVE-2021-3809?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2021-3809 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Privilege escalation in Hp Elitebook_1040_g4

CVE-2021-3809

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability class: Privilege Escalation

EPSS: 0.002 (15.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hp Elitebook_1040_g4
Hp Elitebook_1040_g4_firmware — versions 1.41
Hp Elitebook_1050_g1
Hp Elitebook_1050_g1_firmware — versions 01.19.00
Hp Elitebook_725_g4
Hp Elitebook_725_g4_firmware — versions 1.4
Hp Elitebook_735_g5
Hp Elitebook_735_g5_firmware — versions 01.20.00
Hp Elitebook_735_g6
Hp Elitebook_735_g6_firmware — versions 01.19.00

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

Public proof-of-concept exploits

Jolx77/TP3_

References

hp-security-alert@hp.com (Vendor Advisory)

Frequently asked questions

What is CVE-2021-3809?: CVE-2021-3809 is a high-severity vulnerability in Hp Elitebook_1040_g4, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2023-02-01.
How severe is CVE-2021-3809?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2021-3809 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.