TOCTOU Vulnerability in HP PC Products with AMI UEFI Firmware: Arbitrary Code Execution Risk
CVE-2023-26299 · HIGH Severity
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability.
Learn more about our Cis Benchmark Audit For Apple Ios.