TOCTOU Vulnerability in HP PC Products with AMI UEFI Firmware: Arbitrary Code Execution Risk

TOCTOU Vulnerability in HP PC Products with AMI UEFI Firmware: Arbitrary Code Execution Risk

CVE-2023-26299 · HIGH Severity

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.

Learn more about our Cis Benchmark Audit For Apple Ios.