16 Vulnerabilities Found In Firmware Of HP Enterprise Devices

It has been reported that firmware security company Binarly has discovered at least 13 serious vulnerabilities affecting BIOS firmware present on devices made by HP and possibly other manufacturers, resulting in a total of 15 CVE identifiers. The vulnerabilities have been characterized as stack overflows, heap overflows, and memory corruption. All of these security holes have been assigned “high severity” ratings. The flaws affect a wide range of enterprise products made by HP, including desktop, laptop, point-of-sale, and edge computing devices.

Debrup Ghosh, Senior Product Manager
InfoSec Expert
March 11, 2022 12:15 pm

Inadequate security capabilities, lack of real-time vulnerability patching (like updating firmware), and lack of consumer awareness are key drivers for repeated attacks on Internet of Things (IoT) devices. Because IoT devices can have several types of interfaces (e.g., web-based interfaces for consumers or object interfaces for governance-as-code applications such as control systems), it’s critical to test for input validation, command injection, and code injection using a full spectrum of security tools. Currently, we find that even though many organisations probably conducted their own transparent box security testing, such as static analysis and open source analysis, it’s critical to complement that with dynamic analysis, mobile, and penetration testing.
