Security researchers at Binarly have reportedly uncovered six high-severity firmware vulnerabilities. The vulnerabilities were detected over the course of the past year and were first revealed at the Black Hat 2022 conference. The flaws affect HP EliteBook devices, with severity scores ranging from 7.5 to 8.2. Security researchers say an attacker could leverage the vulnerabilities to install a malicious implant in the firmware as a modified legitimate module. According to a recently released report, the impact of threat actors targeting firmware is often underestimated. These flaws could allow an attacker to bypass Secure Boot and influence additional boot stages.
In addition, Binarly warned that some of the vulnerabilities disclosed and discussed at Black Hat have not yet been patched, making them more attractive targets for threat actors. The advisory states that although the flaws have been publicly disclosed for over a month, some HP enterprise devices such as laptops and desktops have not received updates that address all of the vulnerabilities.