hp-support-head-portlet

Actions
Loading...
HP Customer Support - Knowledge Base

hp-contact-secondary-navigation-portlet

Actions
Loading...

hp-share-print-widget-portlet

Actions
Loading...
  • Information
    Learn how to upgrade to Windows 11

    Windows 11 Upgrade Guide

  • Feedback

hp-concentra-wrapper-portlet

Actions
Loading...

2021.1 IPU - Intel® CSME, SPS and LMS Security Updates

Intel has informed HP of potential security vulnerabilities in the Intel® Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), and Intel® Local Manageability Service (Intel® LMS) which may allow escalation of privilege or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.

Severity

Medium

HP Reference

HPSBHF03734 Rev. 2

Release date

June 8, 2021

Last updated

July 7, 2021

Category

PC

Potential Security Impact

Escalation of Privilege, Information Disclosure

Relevant Common Vulnerabilities and Exposures (CVE) List

Reported by: Intel

List of CVE IDs

CVE ID

Base Score

Base Vector

Vendor ID

CVE-2020-24509

6.7

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N

INTEL-SA-00459

CVE-2020-8704

6.7

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

INTEL-SA-00459

CVE-2020-24507

6.0

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

INTEL-SA-00459

CVE-2020-24516

5.3

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

INTEL-SA-00459

CVE-2020-8703

5.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

INTEL-SA-00459

CVE-2020-24506

4.4

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

INTEL-SA-00459

Learn more about CVSS 3.1 base metrics, which range from 0 to 10.

PSR: PSR-2021-0101

Resolution

Intel has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities.

Newer versions may become available and the minimum versions listed below may become obsolete.  If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.

HP recommends keeping your system up to date with the latest firmware and software.

Note:

This bulletin might be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive:

  • Product support eAlerts

  • Driver updates

  • Security Bulletin updates

Softpaqs and affected products

Find the SoftPaqs that resolve the vulnerabilities of your system.

SoftPaq Status

A status is provided if no SoftPaq is listed for a particular product.

  • Pending: SoftPaq is in progress.

  • Under investigation: System under investigation for impact, or the SoftPaq is under investigation for feasibility/availability.

  • Not available: SoftPaq not available due to technical or logistical constraints.

  • Check Support Page: The listed SoftPaq has been removed from the download site. SoftPaqs with newer versions may be available on the HP Customer Support - Software and Driver Downloads site.