Notification

Icon
Error

HP BIOS Vulnerability

Posted: Thursday, May 12, 2022 1:10:58 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 2,187
1
Like
Two new vulnerabilities have been fixed for 200+ HP models, you can find the audit in the HP BIOS vulnerability blog post.
Options
snigah
#1snigah Member Posts: 14  
posted: 5/18/2022 9:28:00 PM(UTC)
Hi,

Question. How can we make it work correct. we have lots of false positives, because it doesn't compare current Bios version against the fixed one.

Just one example:

the R72 is current and 01.20.00 where 01.12.00 is the fixed version.

R72 Ver. 01.20.00 R72 Ver. 01.20.00 3 1 2022-03-18 01.12.00
1
JakeST
#2JakeST Member Posts: 2  
posted: 5/19/2022 3:43:06 PM(UTC)
Originally Posted by: snigah Go to Quoted Post
Hi,

Question. How can we make it work correct. we have lots of false positives, because it doesn't compare current Bios version against the fixed one.

Just one example:

the R72 is current and 01.20.00 where 01.12.00 is the fixed version.

R72 Ver. 01.20.00 R72 Ver. 01.20.00 3 1 2022-03-18 01.12.00


Same here. It would be nice to have this compare and only show vulnerable machines, or color code ones that are updated vs ones that aren't.
0
Esben.D
#3Esben.D Member Administration Original PosterPosts: 2,187  
posted: 5/20/2022 8:44:52 AM(UTC)
I totally agree. The problem is that BIOS versions come in all sizes and shapes and unless I investigate all affected models it's not possible for me to create a condition that will reliably work.

For example, many BIOS versions will have letters in them which would break any comparison of versions when you're trying to check if 20 > 2B.
1

Active Discussions

Lansweeper Version 10.2.0.0
by  ThomasK   Go to last post Go to first unread
Last post: Today at 6:11:28 AM(UTC)
Lansweeper Certificates
by  Orion Poplawski   Go to last post Go to first unread
Last post: 7/1/2022 10:11:12 PM(UTC)
Lansweeper Lansweeper sends "Lansweeper Connection Test" emails every minute.
by  FrankSc   Go to last post Go to first unread
Last post: 7/1/2022 2:03:59 PM(UTC)
Lansweeper Dell warranty lookup not working
by  LANGuy   Go to last post Go to first unread
Last post: 7/1/2022 1:30:06 PM(UTC)
Lansweeper RedHat 8.5 & SELinux
by  QuelleAcht   Go to last post Go to first unread
Last post: 7/1/2022 1:16:19 PM(UTC)
Lansweeper Suddenly seeing Access Denied scanning errors?
by  Erik.T   Go to last post Go to first unread
Last post: 7/1/2022 9:38:17 AM(UTC)
Lansweeper Single Line report with H/D
by  Ioannis   Go to last post Go to first unread
Last post: 7/1/2022 7:53:23 AM(UTC)
Lansweeper Lansweeper Dark Theme
by  mrobbins   Go to last post Go to first unread
Last post: 6/30/2022 5:38:01 PM(UTC)