CVE-2023-26300

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability.

Published: Oct 18, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-26300
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hp / desktop_pro_a_300_g3_firmware	-	f.13
hp / desktop_pro_a_g3_firmware	-	f.13
hp / desktop_pro_a_g3_microtower_firmware	-	f.13
hp / zhan_66_pro_a_g1_r_microtower_firmware	-	f.13
hp / t638_thin_client_firmware	-	00.01.13
hp / stream_11_pro_g5_firmware	-	f.18
hp / 240_g10_firmware	-	f.05
hp / 240_g6_firmware	-	f.55
hp / 240_g7_firmware	-	f.75
hp / 240_g9_firmware	-	f.06
hp / 245_g10_firmware	-	f.06
hp / 245_g7_firmware	-	f.70
hp / 245_g8_firmware	-	f.26
hp / 245_g9_firmware	-	f.11
hp / 245_firmware	-	f.11
hp / 246_g6_firmware	-	f.55
hp / 246_g7_firmware	-	f.75
hp / 247_g8_firmware	-	f.70
hp / 250_g10_firmware	-	f.06
hp / 250_g6_firmware	-	f.73
hp / 250_g7_firmware	-	f.46
hp / 250_g9_firmware	-	f.63
hp / 255_g10_firmware	-	f.09
hp / 255_g6_firmware	-	f.56
hp / 255_g7_firmware	-	f.41
hp / 255_g8_firmware	-	f.37
hp / 255_g9_firmware	-	f.12
hp / 256_g6_firmware	-	f.73
hp / 256_g7_firmware	-	f.46
hp / 258_g6_firmware	-	f.73
hp / 258_g7_firmware	-	f.46
hp / 340_g7_firmware	-	f.39
hp / 348_g7_firmware	-	f.39
hp / 470_g10_firmware	-	f.03
hp / 470_g7_firmware	-	f.70
hp / 470_g9_firmware	-	f.06
hp / stream_11_pro_g4_firmware	-	f.30
hp / zbook_15_g5_mobile_workstation_firmware	-	f.37
hp / zhan_99_g3_mobile_workstation_firmware	-	f.19
hp / zhan_99_g4_mobile_workstation_firmware	-	f.09
hp / 200_g4_22_all-in-one_pc_(rom_family_ssid_86f2)_firmware	-	f.50
hp / 200_g4_22_all-in-one_pc_(rom_family_ssid_86f3)_firmware	-	f.50
hp / 200_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware	-	f.50
hp / 200_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f2)_firmware	-	f.50
hp / 200_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f3)_firmware	-	f.50
hp / 200_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware	-	f.50
hp / 205_g4_22_all-in-one_pc_(rom_family_ssid_86f2)_firmware	-	f.50
hp / 205_g4_22_all-in-one_pc_(rom_family_ssid_86f3)_firmware	-	f.50
hp / 205_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware	-	f.50
hp / 205_g8_24_all-in-one_pc_(rom_family_ssid_8923)_firmware	-	f.20
hp / 205_g8_24_all-in-one_pc_(rom_family_ssid_8924)_firmware	-	f.20
hp / 205_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f2)_firmware	-	f.50
hp / 205_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f3)_firmware	-	f.50
hp / 205_pro_g4_22_all-in-one_pc_(rom_family_ssid_86f0)_firmware	-	f.50
hp / 205_pro_g8_24_all-in-one_pc_(rom_family_ssid_8923)_firmware	-	f.20
hp / 205_pro_g8_24_all-in-one_pc_(rom_family_ssid_8924)_firmware	-	f.20
hp / 285_g6_microtower_(rom_family_ssid_871e)_firmware	-	f.26
hp / 285_g8_microtower_(rom_family_ssid_870e)_firmware	-	f.30
hp / 285_pro_g6_microtower_(rom_family_ssid_871e)_firmware	-	f.26
hp / 285_pro_g8_microtower_(rom_family_ssid_870e)_firmware	-	f.30
hp / 295_g8_microtower_(rom_family_ssid_870e)_firmware	-	f.30
hp / pro_sff_280_g9_desktop_(rom_family_ssid_89b4)_firmware	-	f.22
hp / pro_sff_280_g9_desktop_(rom_family_ssid_8bc3)_firmware	-	f.12
hp / pro_sff_290_g9_desktop_(rom_family_ssid_89b4)_firmware	-	f.22
hp / pro_sff_290_g9_desktop_(rom_family_ssid_8bc3)_firmware	-	f.12
hp / pro_sff_zhan_66_g9_desktop_(rom_family_ssid_89b4)_firmware	-	f.22
hp / pro_sff_zhan_66_g9_desktop_(rom_family_ssid_8bc3)_firmware	-	f.12
hp / pro_tower_200_g9_desktop_(rom_family_ssid_89b4)_firmware	-	f.22
hp / pro_tower_200_g9_desktop_(rom_family_ssid_89b3)_firmware	-	f.22
hp / pro_tower_200_g9_desktop_(rom_family_ssid_8bc3)_firmware	-	f.12
hp / pro_tower_280_g9_desktop_(rom_family_ssid_89b4)_firmware	-	f.22
hp / pro_tower_280_g9_desktop_(rom_family_ssid_89b3)_firmware	-	f.22
hp / pro_tower_290_g9_desktop_(rom_family_ssid_89b4)_firmware	-	f.22
hp / pro_tower_290_g9_desktop_(rom_family_ssid_89b3)_firmware	-	f.22
hp / pro_tower_290_g9_desktop_(rom_family_ssid_8bc3)_firmware	-	f.12
hp / pro_tower_zhan_99_g9_desktop_(rom_family_ssid_89b4)_firmware	-	f.22
hp / pro_tower_zhan_99_g9_desktop_(rom_family_ssid_89b3)_firmware	-	f.22
hp / pro_tower_zhan_99_g9_desktop_(rom_family_ssid_8b3c)_firmware	-	f.12
hp / proone_240_g10_(rom_family_ssid_8b4d)_firmware	-	f.10
hp / proone_240_g10_(rom_family_ssid_8b4c)_firmware	-	f.05
hp / proone_240_g9_(rom_family_ssid_89eb)_firmware	-	f.20
hp / vr_backpack_g2_(rom_family_ssid_8590)_firmware	-	f.29
hp / zhan_66_pro_a_g10_(rom_family_ssid_8b4e)_firmware	-	f.05
hp / zhan_66_pro_a_g4_all-in-one_pc_(rom_family_ssid_8923)_firmware	-	f.20
hp / zhan_66_pro_a_g4_all-in-one_pc_(rom_family_ssid_8924)_firmware	-	f.20
hp / zhan_99_pro_a_g2_microtower_(rom_family_ssid_871e)_firmware	-	f.20
hp / 255_g8_(rom_family_ssid_87d1)_firmware	-	f.37
hp / 255_g8_(rom_family_ssid_8905)_firmware	-	f.37
hp / 255_g8_(rom_family_ssid_890e)_firmware	-	f.37

https://support.hp.com/us-en/document/ish_9461800-9461828-16

Vulnerability Database

310,056

CVE-2023-26300

Deep Security Visibility Without the Complexity