CVE-2023-5409

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_9441200-9441233-16	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:t430_thin_client_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:t430_thin_client:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:t638_thin_client_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hp:t638_thin_client:-:*:*:*:*:*:*:*

History

20 Oct 2023, 15:42

Type	Values Removed	Values Added
CPE		cpe:2.3:h:hp:t430_thin_client:-:::::::* cpe:2.3:o:hp:t638_thin_client_firmware:-:::::::* cpe:2.3:o:hp:t430_thin_client_firmware:-:::::::* cpe:2.3:h:hp:t638_thin_client:-:::::::*
First Time		Hp t430 Thin Client Firmware Hp t638 Thin Client Hp t430 Thin Client Hp t638 Thin Client Firmware Hp
References	~~(MISC) https://support.hp.com/us-en/document/ish_9441200-9441233-16 -~~	(MISC) https://support.hp.com/us-en/document/ish_9441200-9441233-16 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8
CWE		NVD-CWE-noinfo

13 Oct 2023, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-13 17:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-5409

Mitre link : CVE-2023-5409

CVE.ORG link : CVE-2023-5409

JSON object : View

Products Affected

hp

t430_thin_client
t638_thin_client
t638_thin_client_firmware
t430_thin_client_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-5409", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2023-10-13T17:15:09.713", "references": [{"url": "https://support.hp.com/us-en/document/ish_9441200-9441233-16", "tags": ["Patch", "Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability."}, {"lang": "es", "value": "HP es consciente de una posible vulnerabilidad de seguridad en las PC Thin Client HP t430 y t638. Estos modelos pueden ser susceptibles a un ataque f\u00edsico, lo que permite que una fuente no confiable altere el firmware del sistema utilizando una clave privada divulgada p\u00fablicamente. HP proporciona orientaci\u00f3n recomendada para que los clientes reduzcan la exposici\u00f3n a la vulnerabilidad potencial."}], "lastModified": "2023-10-20T15:42:22.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:t430_thin_client_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D57D386-8265-4EF7-B88A-A57F68233E1E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:t430_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33625E33-810C-441F-BFEC-A62CF2DC57BF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:t638_thin_client_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86E50369-0AA4-41E1-A0BA-18C5C3F7FE91"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:t638_thin_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "088B2E46-7977-4F8B-B440-471E188A84C3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}