CVE-2021-39297 — Vulnetix

CVE-2021-39297 PUBLISHED

BRLY-2021-003 High CVE-2021-39297 BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows a local privileged user to access UEFI Runtime DXE application and execute arbitrary code.

EPSS 0.37% · 59.1th percentile

Risk Scores

EPSS Score

0.37%

59.1th percentile

Exploit Intelligence

https://support.hp.com/us-en/document/ish_5661066-5661090-16 (circl)

Timeline

Feb 4, 2022 CVE Published
Feb 17, 2022 EPSS Score
Mar 8, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Sep 15, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Dec 28, 2022 EPSS Score
Feb 18, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 11, 2023 EPSS Score
Jun 2, 2023 EPSS Score

References

The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices. advisory
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices. advisory

Open in Interactive Console →