16 Vulnerabilities Found In Firmware Of HP Enterprise Devices

It has been reported that firmware security company Binarly has discovered at least 13 serious vulnerabilities affecting BIOS firmware on devices made by HP and possibly other manufacturers, resulting in a total of 15 CVE identifiers. The vulnerabilities have been characterized as stack overflows, heap overflows, and memory corruption. All of these security holes have been assigned “high severity” ratings. The flaws affect a wide range of enterprise products made by HP, including desktop, laptop, point-of-sale, and edge computing devices.

Experts Comments

March 11, 2022
Debrup Ghosh
Senior Product Manager
Synopsys Software Integrity Group

Inadequate security capabilities, lack of real-time vulnerability patching (like updating firmware), and lack of consumer awareness are key drivers for repeated attacks on Internet of Things (IoT) devices. Because IoT devices can have several types of interfaces (e.g., web-based interfaces for consumers or object interfaces for governance-as-code applications such as control systems), it’s critical to test for input validation, command injection, and code injection using a full spectrum of security tools. Currently, we find that even though many organisations probably conducted their own transparent box security testing, such as static analysis and open source analysis, it’s critical to complement that with dynamic analysis, mobile, and penetration testing.
