F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution.
The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP -

13.1.5
14.1.4.6 - 14.1.5
15.1.5.1 - 15.1.8
16.1.2.2 - 16.1.3, and
17.0.0

"A format string vulnerability exists in iControl SOAP

Network Security / Vulnerability

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution.

The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP -

*   13.1.5
*   14.1.4.6 - 14.1.5
*   15.1.5.1 - 15.1.8
*   16.1.2.2 - 16.1.3, and
*   17.0.0

"A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code," the company said in an advisory. "In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary."

Tracked as CVE-2023-22374 (CVSS score: 7.5/8.5), security researcher Ron Bowes of Rapid7 has been credited with discovering and reporting the flaw on December 6, 2022.

Given that the iCOntrol SOAP interface runs as root, a successful exploit could permit a threat actor to remotely trigger code execution on the device as the root user. This can be achieved by inserting arbitrary format string characters into a query parameter that's passed to a logging function called syslog, Bowes said.

F5 noted that it has addressed the problem in an engineering hotfix that is available for supported versions of BIG-IP. As a workaround, the company is recommending users restrict access to the iControl SOAP API to only trusted users.

**Cisco Patches Command Injection Bug in Cisco IOx**

The disclosure comes as Cisco released updates to fix a flaw in Cisco IOx application hosting environment (CVE-2023-20076, CVSS score: 7.2) that could open the door for an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system.

The vulnerability impacts devices running Cisco IOS XE Software and have the Cisco IOx feature enabled, as well as 800 Series Industrial ISRs, Catalyst Access Points, CGR1000 Compute Modules, IC3000 Industrial Compute Gateways, IR510 WPAN Industrial Routers.

Cybersecurity firm Trellix, which identified the issue, said it could be weaponized to inject malicious packages in a manner that can persist system reboots and firmware upgrades, leaving which can only be removed after a factory reset.

"A bad actor could use CVE-2023-20076 to maliciously tamper with one of the affected Cisco devices anywhere along this supply chain," it said, warning of the potential supply chain threats. "The level of access that CVE-2023-20076 provides could allow for backdoors to be installed and hidden, making the tampering entirely transparent for the end user."

While the exploit requires the attacker to be authenticated and have admin privileges, it's worth noting that adversaries can find a variety of ways to escalate privileges, such as phishing or by banking on the possibility that users may have failed to change the default credentials.

Also discovered by Trellix is a security check bypass during TAR archive extraction, which could allow an attacker to write on the underlying host operating system as the root user.

The networking equipment major, which has since remediated the defect, said the vulnerability poses no immediate risk as "the code was put there for future application packaging support."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group.

A cyberattack on a subsidiary of a Dublin-based financial technology and trading firm ION Group has disrupted transactions for dozens of major clients in both Europe and the United States, impacting the market for exchange-traded derivatives, the firm and other sources stated this week.

The attack, reportedly carried out by the Russia-linked LockBit ransomware group, has resulted in the trading company isolating servers and taking them offline. The company's subsidiary ION Cleared Derivatives, which provides order management and execution services, acknowledged the "cybersecurity event" in a statement on Jan. 31.

"The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Cleared Derivatives said in a statement, adding that it would provide further updates as more information becomes available.

Derivatives are financial instruments whose value is tied to an underlying asset or a benchmark, such as the price of oil, portfolios of debt, or stocks. The four broad categories of derivatives are options, futures, swaps, and forwards, with massive sums traded every day. The value of assets traded as options and futures in North America, for example, totaled $30.1 trillion and $23.5 trillion, respectively, in the third quarter last year, according to the Bank for International Settlements.

The cyberattack on ION Cleared Derivatives has affected at least 42 of the company's clients, disrupting their processing of derivative trades, according to a Bloomberg News report. Several members of two large industry groups in the United States — the CME Group and Intercontinental Exchange — have also been impacted by the attack on the ION Group, an article in the Financial Times stated.

    

The LockBit group claims they have hacked ION Group's network. Source: Recorded Future

The Futures Industry Associations (FIA) — which represents one area of derivatives, futures contracts — is investigating the attack's effects on its members, the group said in a statement.

"FIA is aware of network issues caused by a cyber incident on certain ION Group systems which are impacting the trading and clearing of exchange traded derivatives by ION customers across global markets," the group stated. "We are working with impacted members, including clearing firms and exchanges, as well as market regulators and others, to assess the extent of the impact on trading, processing, and clearing."

**LockBit Claims Credit for Carnage**

The infamous LockBit group — responsible for recent attacks on the Hospital for Sick Children in Toronto and a host of chemical and industrial targets — posted a breach notice to its extortion site on Feb. 2 naming the ION Group as a victim. In addition, a ransom note, purportedly from the group, is currently circulating on private forums and names the ION Group as a compromised business, says Allan Liska, a senior analyst with threat intelligence firm Recorded Future.

How the LockBit group gained access to the ION Group's subsidiary and the extent of the damage are questions that will likely take a while to answer, Liska says.

"Unfortunately, not a lot is known yet about the tools used in the attack," he says. "The ION Group is likely still assessing the damage and conducting incident response and disaster recovery, so they may not know the full scope yet."

The LockBit cybercrime group uses a ransomware-as-a-service (RaaS) model, creating the tools to compromise and infect victims and then relying on affiliates to infect companies, healthcare organizations, and government agencies. While ransomware groups relied in the past on encrypting data and holding the keys for ransom, the modern variant of the scheme typically also steals sensitive data and threatens its release.

**How Widespread Is the ION Attack's Impact?**

The immediate impact to clients of ION Cleared Derivatives' services is that the post-trade processes — such as "trade matching and keeping track of risk and margin requirements" activities normally automated by the company's services — have to be completed manually, according to the Financial Times.

Yet the service outage is also affecting markets in the United States and parts of Asia, underscoring the interconnectedness of today's financial and technological infrastructure.

"ION Group is used by financial institutions all over the world, so this attack is likely having wide-ranging impact on those institutions," Record Future's Liska says. "This is, unfortunately, an increasingly common problem with ransomware attacks: The attack doesn't just impact the affected organization but every organization that organization works with."

While the attack has had widespread — and in some cases, surprising — effects, a senior US Treasury official stated that the disruption to the ION Cleared Derivative's platform does not pose a "systemic risk to the financial sector," according to Bloomberg News.

Cyberattack on Fintech Firm Disrupts Derivatives Trading Globally

By Owais Sultan
What is a CDN? How can businesses benefit from a CDN? and What to look for in a CDN provider?
This is a post from HackRead.com Read the original post: Content Delivery Network (CDN) FAQs

Content Delivery Networks (CDNs) have become increasingly popular among businesses of all sizes in recent years. They offer a host of benefits to businesses, which can help to aid the smooth running of operations and boost reputation, efficiency, reliability, security, and the business’s bottom line. This is why they have gained such popularity among businesses in a wide variety of industries.

If you are considering investing in CDN services, you need to ensure you choose the right solution and provider for your business’s needs. Additionally, you should do thorough research to learn how these solutions can help your business.

You can learn about everything from the convenience of integrated CDN solutions to how CDN can help your business when you conduct research. Looking at FAQs about CDN services and solutions can also help; we have provided a sample of common questions and answers below.

**Some Common Questions**

If you want to get to grips with CDN solutions and how they could help your business, here are a few of the many common questions and answers:

**What Is a Content Delivery Network?**

A CDN is a collection of servers that are geographically distributed and work in tandem to ensure the speedy, efficient, and reliable delivery of internet content. It enables the swift transfer of assets required for loading Internet content, including javascript files, HTML pages, videos, images, and more.

The popularity of CDNs means that most web traffic is served through them, including for high-traffic sites such as Facebook and Amazon.

**Does a CDN Replace Web Hosting?**

Another common question is whether a CDN replaces web hosting; the answer is no. CDNs do not host content, but they do help to cache content to improve performance. Standard hosting services often do little to boost performance; this is where a CDN can help. By reducing hosting bandwidth through caching, the CDN can help improve performance, reduce interruptions, boost security, and even cut costs.

**How Can Businesses Benefit from a CDN?**

Following the previous question and answer, there are many ways in which businesses can benefit from CDNs, boosting their popularity. You will find that this is a cost-effective solution; it can reduce downtime, boost performance, provide greater security, and help to speed things up, among other things.

**What Do You Look for in a CDN Provider?**

Many people are eager to know what they should look for in a CDN service provider, and there are several key factors to keep in mind. Of course, the cost of the solution is an important factor to help keep your business within budget.

However, you also need to look at things such as DNS response times, network connectivity, throughput and wait times, and cache hit-or-miss ratios, among other things.

**Conclusion**

In conclusion, Content Delivery Networks are a powerful tool for businesses that need to improve their website’s performance, scalability and security. With the help of this FAQ, we hope that readers have been able to better understand the basics of CDNs and can now decide whether they should consider using one for their website.

As with any technology, there are both advantages and disadvantages that must be considered before investing in a Content Delivery Network.

1.  Cloud Hacking – Why API Remains the Biggest Threat?
2.  VPS Hosting Vs. Dedicated Servers – Which Is Better?
3.  Managed Cloud Hosting vs. Unmanaged Cloud Hosting
4.  5 WordPress Security Solutions with Free SSL Certificates
5.  How Web Application Firewall (WAF) protects your website

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Content Delivery Network (CDN) FAQs

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

**oss-sec mailing list archives**

_From_: Pietro Borrello <borrello () diag uniroma1 it>  
_Date_: Wed, 25 Jan 2023 23:33:09 +0100  

Hi all,

I'm disclosing a Use After Free that may be triggered when plugging in a
malicious USB device, which advertises itself as a bigben device.

The device uses a worker \`bigben\_worker\` scheduled by bigben\_set\_led() to
communicate with the hardware.
The work\_struct is embedded in \`struct bigben\_device\`, and at device removal,
\`struct bigben\_device\` is freed.

However, concurrently with device removal, the LED controller bigben\_set\_led()
may schedule a worker whose use would result in a use-after-free.

Following the debug check triggered by freeing a work\_struct in use:
\`\`\`
\[   37.803135\]\[ T1170\] usb 1-1: USB disconnect, device number 2
\[   37.827979\]\[ T1170\] ODEBUG: free active (active state 0) object
type: work\_struct hint: bigben\_worker+0x0/0x860
\[   37.829634\]\[ T1170\] WARNING: CPU: 0 PID: 1170 at
lib/debugobjects.c:505 debug\_check\_no\_obj\_freed+0x43a/0x630
\[   37.830904\]\[ T1170\] Modules linked in:
\[   37.831413\]\[ T1170\] CPU: 0 PID: 1170 Comm: kworker/0:3 Not tainted
6.1.0-rc4-dirty #43
\[   37.832465\]\[ T1170\] Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
\[   37.833751\]\[ T1170\] Workqueue: usb\_hub\_wq hub\_event
\[   37.834409\]\[ T1170\] RIP: 0010:debug\_check\_no\_obj\_freed+0x43a/0x630
\[   37.835218\]\[ T1170\] Code: 48 89 ef e8 28 82 58 ff 49 8b 14 24 4c 8b
45 00 48 c7 c7 40 5f 09 87 48 c7 c6 60 5b 09 87 89 d9 4d 89 f9 31 c0
e8 46 25 ef fe <0f> 0b 4c 8b 64 24 20 48 ba 00 00 00 00 00 fc ff df ff
05 4f 7c 17
\[   37.837667\]\[ T1170\] RSP: 0018:ffffc900006fee60 EFLAGS: 00010246
\[   37.838503\]\[ T1170\] RAX: 0d2d19ffcded3d00 RBX: 0000000000000000
RCX: ffff888117fc9b00
\[   37.839519\]\[ T1170\] RDX: 0000000000000000 RSI: 0000000000000000
RDI: 0000000000000000
\[   37.840570\]\[ T1170\] RBP: ffffffff86e88380 R08: ffffffff8130793b
R09: fffff520000dfd85
\[   37.841618\]\[ T1170\] R10: fffff520000dfd85 R11: 0000000000000000
R12: ffffffff87095fb8
\[   37.842649\]\[ T1170\] R13: ffff888117770ad8 R14: ffff888117770acc
R15: ffffffff852b7420
\[   37.843728\]\[ T1170\] FS:  0000000000000000(0000)
GS:ffff8881f6600000(0000) knlGS:0000000000000000
\[   37.844877\]\[ T1170\] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
\[   37.845749\]\[ T1170\] CR2: 00007f992eaab380 CR3: 000000011834b000
CR4: 00000000001006f0
\[   37.846794\]\[ T1170\] Call Trace:
\[   37.847245\]\[ T1170\]  <TASK>
\[   37.847643\]\[ T1170\]  slab\_free\_freelist\_hook+0x89/0x160
\[   37.848409\]\[ T1170\]  ? devres\_release\_all+0x262/0x350
\[   37.849156\]\[ T1170\]  \_\_kmem\_cache\_free+0x71/0x110
\[   37.849829\]\[ T1170\]  devres\_release\_all+0x262/0x350
\[   37.850478\]\[ T1170\]  ? devres\_release+0x90/0x90
\[   37.851118\]\[ T1170\]  device\_release\_driver\_internal+0x5e5/0x8a0
\[   37.851944\]\[ T1170\]  bus\_remove\_device+0x2ea/0x400
\[   37.852611\]\[ T1170\]  device\_del+0x64f/0xb40
\[   37.853212\]\[ T1170\]  ? kill\_device+0x150/0x150
\[   37.853831\]\[ T1170\]  ? print\_irqtrace\_events+0x1f0/0x1f0
\[   37.854564\]\[ T1170\]  hid\_destroy\_device+0x66/0x100
\[   37.855226\]\[ T1170\]  usbhid\_disconnect+0x9a/0xc0
\[   37.855887\]\[ T1170\]  usb\_unbind\_interface+0x1e1/0x890
\`\`\`

And the KASAN error report:
\`\`\`
\[ 138.349079\]\[  T7\] usb 1-1: USB disconnect, device number 2
\[ 138.381243\]\[ T1175\]
==================================================================
\[ 138.382329\]\[ T1175\] BUG: KASAN: use-after-free in \_\_list\_add\_valid+0x66/0x100
\[ 138.383272\]\[ T1175\] Read of size 8 at addr ffff88810d62de70 by task
systemd-udevd/1175
\[ 138.384238\]\[ T1175\]
\[ 138.384531\]\[ T1175\] CPU: 0 PID: 1175 Comm: systemd-udevd Not tainted
6.1.0-rc4-dirty #30
\[ 138.385541\]\[ T1175\] Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
\[ 138.386725\]\[ T1175\] Call Trace:
\[ 138.387145\]\[ T1175\] <TASK>
\[ 138.387515\]\[ T1175\] dump\_stack\_lvl+0x1b1/0x28e
\[ 138.388112\]\[ T1175\] ? nf\_tcp\_handle\_invalid+0x3ff/0x3ff
\[ 138.388961\]\[ T1175\] ? \_\_wake\_up\_klogd+0xdb/0x110
\[ 138.389756\]\[ T1175\] ? panic+0x822/0x822
\[ 138.390246\]\[ T1175\] ? \_printk+0xc0/0x100
\[ 138.390763\]\[ T1175\] print\_address\_description+0x7d/0x340
\[ 138.391454\]\[ T1175\] print\_report+0x107/0x1f0
\[ 138.391995\]\[ T1175\] ? \_\_virt\_addr\_valid+0x211/0x2c0
\[ 138.392625\]\[ T1175\] ? \_\_phys\_addr+0xb5/0x160
\[ 138.393176\]\[ T1175\] ? \_\_list\_add\_valid+0x66/0x100
\[ 138.393782\]\[ T1175\] kasan\_report+0xcd/0x100
\[ 138.394330\]\[ T1175\] ? \_\_list\_add\_valid+0x66/0x100
\[ 138.394955\]\[ T1175\] \_\_list\_add\_valid+0x66/0x100
\[ 138.395542\]\[ T1175\] insert\_work+0x10e/0x3c0
\[ 138.396119\]\[ T1175\] \_\_queue\_work+0xa97/0xde0
\[...\]
\[ 138.403915\]\[ T1175\] \_\_sys\_bind+0x210/0x2b0
\[ 138.404458\]\[ T1175\] ? \_\_ia32\_sys\_socketpair+0xb0/0xb0
\[ 138.405097\]\[ T1175\] ? lockdep\_hardirqs\_on\_prepare+0x428/0x790
\[ 138.405833\]\[ T1175\] \_\_x64\_sys\_bind+0x76/0x80
\[ 138.406378\]\[ T1175\] do\_syscall\_64+0x3d/0x90
\[ 138.406931\]\[ T1175\] entry\_SYSCALL\_64\_after\_hwframe+0x63/0xcd
\[ 138.407689\]\[ T1175\] RIP: 0033:0x7fe2d052d9e7
\[ 138.408241\]\[ T1175\] Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b
0d a8 f4 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 31
00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 f4 2a 00 f7 d8
64 89 01 48
\[ 138.410572\]\[ T1175\] RSP: 002b:00007ffca13ea088 EFLAGS: 00000246
ORIG\_RAX: 0000000000000031
\[ 138.411571\]\[ T1175\] RAX: ffffffffffffffda RBX: 0000560b0c5b0f90 RCX:
00007fe2d052d9e7
\[ 138.412542\]\[ T1175\] RDX: 000000000000000c RSI: 0000560b0c5b0fa0 RDI:
000000000000000e
\[ 138.413525\]\[ T1175\] RBP: 0000000000000000 R08: 0000560b0c5960e0 R09:
0000000000000210
\[ 138.414530\]\[ T1175\] R10: 000000000000000f R11: 0000000000000246 R12:
0000560b0c5a8e94
\[ 138.415494\]\[ T1175\] R13: 0000000000000000 R14: 0000560b0c596010 R15:
0000560b0c596028
\[ 138.416499\]\[ T1175\] </TASK>
\[ 138.416905\]\[ T1175\]
\[ 138.416499\]\[ T1175\] </TASK>
\[ 138.416905\]\[ T1175\]
\[ 138.417197\]\[ T1175\] Allocated by task 7:
\[ 138.417706\]\[ T1175\] kasan\_set\_track+0x3d/0x60
\[ 138.418271\]\[ T1175\] \_\_kasan\_kmalloc+0x7c/0x90
\[ 138.418867\]\[ T1175\] \_\_kmalloc\_node\_track\_caller+0xad/0x1a0
\[ 138.419583\]\[ T1175\] devm\_kmalloc+0x77/0x1a0
\[ 138.420141\]\[ T1175\] bigben\_probe+0x2f/0x770
\[ 138.420678\]\[ T1175\] hid\_device\_probe+0x251/0x3f0
\[...\]
\[ 138.446475\]\[ T1175\]
\[ 138.446775\]\[ T1175\] Freed by task 7:
\[ 138.447232\]\[ T1175\] kasan\_set\_track+0x3d/0x60
\[ 138.447798\]\[ T1175\] kasan\_save\_free\_info+0x2e/0x50
\[ 138.448410\]\[ T1175\] \_\_\_\_kasan\_slab\_free+0xb0/0x100
\[ 138.449039\]\[ T1175\] slab\_free\_freelist\_hook+0x80/0x140
\[ 138.449696\]\[ T1175\] \_\_kmem\_cache\_free+0x71/0x110
\[ 138.450292\]\[ T1175\] devres\_release\_all+0x262/0x350
\[ 138.450925\]\[ T1175\] device\_release\_driver\_internal+0x5e5/0x8a0
\[ 138.451667\]\[ T1175\] bus\_remove\_device+0x2ea/0x400
\[ 138.452293\]\[ T1175\] device\_del+0x64f/0xb40
\[ 138.452825\]\[ T1175\] hid\_destroy\_device+0x66/0x100
\[ 138.453424\]\[ T1175\] usbhid\_disconnect+0x9a/0xc0
\[...\]
\[ 138.462307\]\[ T1175\]
\`\`\`

The proposed patch deregisters the LED controller bigben\_set\_led() before
freeing the device and is currently under discussion with the maintainers.

Best regards,
Pietro Borrello

**Current thread:**

*   **Linux Kernel: hid: Use-After-Free in bigben\_set\_led()** _Pietro Borrello (Jan 25)_

CVE-2023-25012: oss-sec: Linux Kernel: hid: Use-After-Free in bigben_set_led()

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

A security vulnerability has been found in Cisco gear used in data centers, large enterprises, industrial factories, power plants, manufacturing centers, and smart city power grids that could allow cyberattackers unfettered access to these devices and broader networks.

In a report published on Feb. 1, researchers from Trellix revealed the bug, one of two vulnerabilities discovered that affect the following Cisco networking devices:

*   Cisco ISR 4431 routers
*   800 Series Industrial ISRs
*   CGR1000 Compute Modules
*   IC3000 Industrial Compute Gateways
*   IOS XE-based devices configured with IOx
*   IR510 WPAN Industrial Routers
*   Cisco Catalyst Access points

One bug — CSCwc67015 — was spotted in yet-to-be-released code. It could have allowed hackers to remotely execute their own code, and potentially overwrite most of the files on the device.

The second, arguably nastier, bug — CVE-2023-20076 — found in production equipment, is a command-injection flaw that could open the door to unauthorized root-level access and remote code execution (RCE). This would have entailed not just total control over a device's operating system but also persistence through any upgrades or reboots, despite Cisco's guardrails against such a scenario.

Given that Cisco networking equipment is used worldwide in data centers, enterprises, and government organizations, and it's the most common footprint at industrial sites, the impact of the flaws could be notable, according to Trellix.

“In the world of routers, switches, and networking, Cisco is the current king of the market," Sam Quinn, senior security researcher with the Trellix Advanced Research Center, tells Dark Reading. "We would say that thousands of businesses could potentially be impacted.”

**Inside the Latest Cisco Security Bugs**

The two vulnerabilities are a byproduct of a shift in the nature of routing technologies, according to Trellix. Network administrators today have the ability to deploy application containers or even entire virtual machines on these miniature-server-routers. With this greater complexity comes both greater functionality, and a wider attack surface.

"Modern routers now function like high-powered servers," the authors of the report explained, "with many Ethernet ports running not only routing software but, in some cases, even multiple containers."

Both CSCwc67015 and CVE-2023-20076 arise from the router's advanced application hosting environment.

CSCwc67015 reflects how, in the hosting environment, "a maliciously packed application could bypass a vital security check while uncompressing the uploaded application." The check attempted to secure the system against a 15-year-old path traversal vulnerability in a Python module that Trellix itself had identified last September, CVE-2007-4559. With a "moderate" CVSS v3 score of 5.5, it allowed malicious actors to overwrite arbitrary files.

Meanwhile, the bug tracked as CVE-2023-20076 similarly takes advantage of the ability to deploy application containers and virtual machines to Cisco routers. In this case, it has to do with how admins pass commands to run their applications.

"The 'DHCP Client ID' option within the Interface Settings was not correctly being sanitized," the researchers discovered, which allowed them root-level access to the device, connoting "the ability to inject any OS command of our choosing."

A hacker who abused this power "could have a significant impact on the device's functionality and the overall security of the network," Quinn explains, including "modifying or disabling security features, exfiltrating data, disrupting network traffic, spreading malware, and running rogue processes."

The bad news doesn’t end there, though. The authors of the report highlighted how "Cisco heavily prioritizes security in a way that attempts to prevent an attack from remaining a problem through reboots and system resets." However, in a proof-of-concept video, they demonstrated how exploitation of the command-injection bug could lead to completely unfettered access, allowing a malicious container to persist through device reboots or firmware upgrades. This leaves only two possible solutions for removal: a full-on factory reset or manually identifying and removing the malicious code.

**Cisco Industrial Gear: Potential Supply Chain Risk**

If there's a silver lining to these bugs, it's that exploiting either would require admin-level access over a relevant Cisco device. A hurdle, granted, but hackers obtain administrative privileges all the time from their victims, through regular social engineering and escalation. The researchers also noted how, often, users don't bother to change the default username and password, leaving no protection whatsoever for this most sensitive account.

One must also consider the supply chain risk. The authors highlighted how many organizations purchase networking devices from third-party sellers, or use third-party service providers for their device configuration and network design. A malicious vendor could utilize a vulnerability like CVE-2023-20076 to do some very easy, subtle, and powerful tampering.

The sheer degree of access this hole provides "could allow for backdoors to be installed and hidden, making the tampering entirely transparent for the end user," the authors explained. Of course, the overwhelming majority of third-party service providers are perfectly honest businesses. But those businesses may themselves be compromised, making it a moot point.

In concluding their report, the Trellix researchers urged organizations to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don't run containers disable the IOx container framework entirely. Most important of all, they emphasized, was that "organizations with affected devices should update to the latest firmware immediately."

To protect themselves, users should apply the patch as soon as possible.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

**CVE-2023-23131**

CVE-2023-23131

Selfwealth iOS mobile App Version 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.

ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11.

App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end.

CVE-2023-23131: GitHub - l00neyhacker/CVE-2023-23131: CVE-2023-23131

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-23132: GitHub - l00neyhacker/CVE-2023-23132: CVE-2023-23132

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

**Vaikutus**

Critical

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2023-23692

Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system.

8.8

CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More information**

iDRAC9

CVE-2022-24422

See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Intel BIOS

CVE-2021-0060

See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities

CVE-2021-28210

CVE-2021-28211

OpenSSL

CVE-2022-0778

https://nvd.nist.gov/vuln/detail/CVE-2022-0778

OpenSSH

CVE-2021-41617

https://nvd.nist.gov/vuln/detail/CVE-2021-41617  
https://nvd.nist.gov/vuln/detail/CVE-2020-14145  
https://nvd.nist.gov/vuln/detail/CVE-2016-20012

CVE-2020-14145

CVE-2016-20012

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2023-23692

Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system.

8.8

CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More information**

iDRAC9

CVE-2022-24422

See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Intel BIOS

CVE-2021-0060

See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities

CVE-2021-28210

CVE-2021-28211

OpenSSL

CVE-2022-0778

https://nvd.nist.gov/vuln/detail/CVE-2022-0778

OpenSSH

CVE-2021-41617

https://nvd.nist.gov/vuln/detail/CVE-2021-41617  
https://nvd.nist.gov/vuln/detail/CVE-2020-14145  
https://nvd.nist.gov/vuln/detail/CVE-2016-20012

CVE-2020-14145

CVE-2016-20012

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

CVEs Addressed

Product

Affected Versions

Updated Versions

Link to Update

CVE-2022-24422

PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.2 and later to stay on LTS 7.7

For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles):

*   81247: Data Domain: DD OS Software Versions
*   14125: Data Domain Operating System Software Portal Availability Policy

CVE-2021-0060

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

CVE-2021-28210

CVE-2021-28211

CVE-2022-0778

PowerProtect DD  
DDOS and DDMC

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.3 and later to stay on LTS

CVE-2021-41617

CVE-2020-14145

LTS 7.7.1 to 7.7.2

7.7.3 and later

CVE-2016-20012

6.2.1.80 and earlier

6.2.1.90 and later

CVE-2023-23692

CVEs Addressed

Product

Affected Versions

Updated Versions

Link to Update

CVE-2022-24422

PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.2 and later to stay on LTS 7.7

For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles):

*   81247: Data Domain: DD OS Software Versions
*   14125: Data Domain Operating System Software Portal Availability Policy

CVE-2021-0060

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

CVE-2021-28210

CVE-2021-28211

CVE-2022-0778

PowerProtect DD  
DDOS and DDMC

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.3 and later to stay on LTS

CVE-2021-41617

CVE-2020-14145

LTS 7.7.1 to 7.7.2

7.7.3 and later

CVE-2016-20012

6.2.1.80 and earlier

6.2.1.90 and later

CVE-2023-23692

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-07-07

Initial Release

1.1

2022-07-12

Edited versions in Affected Products and Remediation Table Affected Version Column

1.2

2022-08-31

Added "7.7.3 and above" to Affected Products and Remediation Table

1.3

2022-01-12

Added CVE-2023-23692 to Proprietary Code Table. 

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Data Domain, Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention, Data Domain GDA , Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, Product Security Information, Storage Direct for Data Domain ...

27 tammik. 2023

CVE-2023-23692: DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

CVE-2022-27537: HP PC BIOS August 2022 Additional Updates for Potential SMM and TOCTOU Vulnerabilities

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

HP Elite Mini 600 G9 Desktop PC

BIOS

02.06.00

Rev 1

SP143258

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143258.exe

HP Elite Mini 800 G9 Desktop PC

BIOS

02.06.00

Rev 1

SP143258

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143258.exe

HP Elite SFF 600 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite SFF 800 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite Slice

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice for Meeting Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 - Audio Ready with Zoom Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 - Partner Ready with Microsoft Teams Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 with Microsoft Teams Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 with Intel Unite

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Slice G2 with Zoom Rooms

BIOS

02.59

Rev 1

SP143216

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143216.exe

HP Elite Tower 600 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite Tower 680 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite Tower 800 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP Elite Tower 880 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143123

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143123.exe

HP EliteDesk 705 G4 Desktop Mini PC

BIOS

02.20.00

Rev 1

SP143221

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143221.exe

HP EliteDesk 705 G4 Microtower PC

BIOS

02.20.00

Rev 1

SP143360

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143360.exe

HP EliteDesk 705 G4 Small Form Factor PC

BIOS

02.20.00

Rev 1

SP143193

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143193.exe

HP EliteDesk 705 G5 Desktop Mini PC

BIOS

02.15.00

Rev 1

SP143211

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143211.exe

HP EliteDesk 705 G5 Small Form Factor PC

BIOS

02.15.00

Rev 1

SP142686

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142686.exe

HP EliteDesk 800 35W G3 Desktop Mini PC

BIOS

02.44

Rev 1

sp142728

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142728.exe

HP EliteDesk 800 35W G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143306

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143306.exe

HP EliteDesk 800 65W G3 Desktop Mini PC

BIOS

02.44

Rev 1

sp142728

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142728.exe

HP EliteDesk 800 65W G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143306

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143306.exe

HP EliteDesk 800 95W G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143306

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143306.exe

HP EliteDesk 800 G3 Small Form Factor PC

BIOS

02.44

Rev 1

SP143373

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143373.exe

HP EliteDesk 800 G3 Tower PC

BIOS

02.44

Rev 1

SP143373

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143373.exe

HP EliteDesk 800 G4 Small Form Factor PC

BIOS

02.21.00

Rev 1

SP143335

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143335.exe

HP EliteDesk 800 G4 Tower PC

BIOS

02.21.00

Rev 1

SP143335

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143335.exe

HP EliteDesk 800 G5 Desktop Mini PC

BIOS

02.15.00

Rev 1

SP142789

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142789.exe

HP EliteDesk 800 G5 Small Form Factor PC

BIOS

02.15.00

Rev 1

SP143308

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143308.exe

HP EliteDesk 800 G5 Tower PC

BIOS

02.15.00

Rev 1

SP143308

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143308.exe

HP EliteDesk 800 G6 Desktop Mini PC

BIOS

02.13.00

Rev 1

SP143177

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143177.exe

HP EliteDesk 800 G6 Small Form Factor PC

BIOS

02.13.00

Rev 1

Sp143278

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143278.exe

HP EliteDesk 800 G6 Tower PC

BIOS

02.13.00

Rev 1

Sp143278

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143278.exe

HP EliteDesk 800 G8 Desktop Mini PC

BIOS

02.10.00

Rev 1

SP143361

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143361.exe

HP EliteDesk 800 G8 Small Form Factor PC

BIOS

02.10.00

Rev 1

SP143417

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143417.exe

HP EliteDesk 800 G8 Tower PC

BIOS

02.10.00

Rev 1

SP143417

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143417.exe

HP EliteDesk 805 G6 Desktop Mini PC

BIOS

02.10.00

Rev 1

SP143181

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143181.exe

HP EliteDesk 805 G6 Small Form Factor PC

BIOS

02.10.00

Rev 1

SP143179

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143179.exe

HP EliteDesk 805 G8 Desktop Mini PC

BIOS

02.06.00

Rev 1

SP143183

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143183.exe

HP EliteDesk 805 G8 Small Form Factor PC

BIOS

02.06.00

Rev 1

SP143312

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143312.exe

HP EliteDesk 880 G3 Tower PC

BIOS

02.44

Rev 1

SP143373

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143373.exe

HP EliteDesk 880 G4 Tower PC

BIOS

02.21.00

Rev 1

SP143335

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143335.exe

HP EliteDesk 880 G5 Tower PC

BIOS

02.15.00

Rev 1

SP143308

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143308.exe

HP EliteDesk 880 G6 Tower PC

BIOS

02.13.00

Rev 1

Sp143278

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143278.exe

HP EliteDesk 880 G8 Tower PC

BIOS

02.10.00

Rev 1

SP143417

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143417.exe

HP EliteOne 1000 G1 23.8-in All-in-One Business PC

BIOS

02.44

Rev 1

SP142689

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142689.exe

HP EliteOne 1000 G1 23.8-in Touch All-in-One Business PC

BIOS

02.44

Rev 1

SP142689

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142689.exe

HP EliteOne 1000 G1 27-in 4K UHD All-in-One Business PC

BIOS

02.44

Rev 1

SP142689

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142689.exe

HP EliteOne 1000 G1 34-in Curved All-in-One Business PC

BIOS

02.44

Rev 1

SP142689

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142689.exe

HP EliteOne 1000 G2 23.8-in All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143212

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143212.exe

HP EliteOne 1000 G2 23.8-in Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143212

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143212.exe

HP EliteOne 1000 G2 27-in 4K UHD All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143212

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143212.exe

HP EliteOne 1000 G2 34-in Curved All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143212

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143212.exe

HP EliteOne 800 G3 23.8 Non-Touch Healthcare Edition All-in-One Business PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G3 23.8-inch Non-Touch All-in-One PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G3 23.8-inch Non-Touch GPU All-in-One PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G3 23.8-inch Touch All-in-One PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G3 23.8-inch Touch GPU All-in-One PC

BIOS

02.44

Rev 1

SP142724

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142724.exe

HP EliteOne 800 G4 23.8-in Healthcare Edition All-in-One Business PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G4 23.8-inch Non-Touch All-in-One PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G4 23.8-inch Non-Touch GPU All-in-One PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G4 23.8-inch Touch All-in-One PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G4 23.8-inch Touch GPU All-in-One PC

BIOS

02.21.00

Rev 1

SP143222

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143222.exe

HP EliteOne 800 G5 23.8-in Healthcare Edition All-in-One

BIOS

02.15.00

Rev 1

SP143218

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143218.exe

HP EliteOne 800 G5 23.8-inch All-in-One

BIOS

02.15.00

Rev 1

SP143218

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143218.exe

HP EliteOne 800 G6 24 All-in-One PC

BIOS

02.13.00

Rev 1

SP143213

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143213.exe

HP EliteOne 800 G6 27 All-in-One PC

BIOS

02.13.00

Rev 1

SP143213

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143213.exe

HP EliteOne 800 G8 24 All-in-One PC

BIOS

02.10.00

Rev 1

SP143346

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143346.exe

HP EliteOne 800 G8 27 All-in-One PC

BIOS

02.10.00

Rev 1

SP143346

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143346.exe

HP EliteOne 840 23.8 inch G9 All-in-One Desktop PC

BIOS

02.06.00

Rev 1

SP143270

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143270.exe

HP EliteOne 870 27 inch G9 All-in-One Desktop PC

BIOS

02.06.00

Rev 1

SP143270

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143270.exe

HP Pro Mini 400 G9 Desktop PC

BIOS

02.06.00

Rev 1

SP143259

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143259.exe

HP Pro SFF 400 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143124

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143124.exe

HP Pro Tower 400 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143124

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143124.exe

HP Pro Tower 480 G9 Desktop PC

BIOS

02.06.00

Rev 1

sp143124

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143124.exe

HP ProDesk 400 G3 Desktop Mini PC

BIOS

02.44

Rev 1

sp142730

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142730.exe

HP ProDesk 400 G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143318

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143318.exe

HP ProDesk 400 G4 Small Form Factor PC

BIOS

02.44

Rev 1

SP142713

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142713.exe

HP ProDesk 400 G5 Desktop Mini PC

BIOS

02.15.00

Rev 1

SP142788

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142788.exe

HP ProDesk 400 G5 Microtower PC

BIOS

02.21.00

Rev 1

SP143354

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143354.exe

HP ProDesk 400 G5 Small Form Factor PC

BIOS

02.21.00

Rev 1

SP142731

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142731.exe

HP ProDesk 400 G6 Desktop Mini PC

BIOS

02.13.00

Rev 1

SP143232

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143232.exe

HP ProDesk 400 G6 Microtower PC

BIOS

02.15.00

Rev 1

SP143328

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143328.exe

HP ProDesk 400 G6 Small Form Factor PC

BIOS

02.15.00

Rev 1

SP143347

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143347.exe

HP ProDesk 400 G7 Microtower PC

BIOS

02.13.00

Rev 1

SP143290

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143290.exe

HP ProDesk 400 G7 Small Form Factor PC

BIOS

02.13.00

Rev 1

SP143344

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143344.exe

HP ProDesk 405 G4 Desktop Mini PC

BIOS

02.20.00

Rev 1

SP143220

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143220.exe

HP ProDesk 405 G6 Desktop Mini PC

BIOS

02.10.00

Rev 1

SP143182

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143182.exe

HP ProDesk 405 G6 Small Form Factor PC

BIOS

02.10.00

Rev 1

SP143189

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143189.exe

HP ProDesk 405 G8 Desktop Mini PC

BIOS

02.06.00

Rev 1

SP143184

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143184.exe

HP ProDesk 405 G8 Small Form Factor PC

BIOS

02.06.00

Rev 1

SP143307

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143307.exe

HP ProDesk 480 G4 Microtower PC

BIOS

02.44

Rev 1

SP143381

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143381.exe

HP ProDesk 480 G5 Microtower PC

BIOS

02.21.00

Rev 1

SP143354

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143354.exe

HP ProDesk 480 G6 Microtower PC

BIOS

02.15.00

Rev 1

SP143328

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143328.exe

HP ProDesk 480 G7 PCI Microtower PC

BIOS

02.13.00

Rev 1

SP143290

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143290.exe

HP ProDesk 600 G3 Desktop Mini PC

BIOS

02.44

Rev 1

sp142729

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142729.exe

HP ProDesk 600 G3 Microtower PC

BIOS

02.44

Rev 1

SP143379

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143379.exe

HP ProDesk 600 G3 Small Form Factor PC

BIOS

02.44

Rev 1

SP142708

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142708.exe

HP ProDesk 600 G4 Desktop Mini PC

BIOS

02.21.00

Rev 1

SP143315

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143315.exe

HP ProDesk 600 G4 Microtower PC

BIOS

02.21.00

Rev 1

SP143339

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143339.exe

HP ProDesk 600 G4 Small Form Factor PC

BIOS

02.21.00

Rev 1

SP142727

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142727.exe

HP ProDesk 600 G5 Desktop Mini PC

BIOS

02.15.00

Rev 1

SP142790

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142790.exe

HP ProDesk 600 G5 Microtower PC

BIOS

02.15.00

Rev 1

SP143326

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143326.exe

HP ProDesk 600 G5 Microtower PC (with PCI slot)

BIOS

02.15.00

Rev 1

SP143326

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143326.exe

HP ProDesk 600 G5 Small Form Factor PC

BIOS

02.15.00

Rev 1

SP143345

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143345.exe

HP ProDesk 600 G6 Desktop Mini PC

BIOS

02.13.00

Rev 1

SP143227

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143227.exe

HP ProDesk 600 G6 Microtower PC

BIOS

02.13.00

Rev 1

SP143288

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143288.exe

HP ProDesk 600 G6 PCI Microtower PC

BIOS

02.13.00

Rev 1

SP143288

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143288.exe

HP ProDesk 600 G6 Small Form Factor PC

BIOS

02.13.00

Rev 1

SP143337

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143337.exe

HP ProDesk 680 G3 Microtower PC

BIOS

02.44

Rev 1

SP143379

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143379.exe

HP ProDesk 680 G4 Microtower PC (With PCI slot)

BIOS

02.21.00

Rev 1

SP143329

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143329.exe

HP ProDesk 680 G6 PCI Microtower PC

BIOS

02.13.00

Rev 1

SP143288

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143288.exe

HP ProOne 400 G3 20-inch Non-Touch All-in-One PC

BIOS

02.44

Rev 1

SP142699

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142699.exe

HP ProOne 400 G3 20-inch Touch All-in-One PC

BIOS

02.44

Rev 1

SP142699

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142699.exe

HP ProOne 400 G4 20-inch Non-Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

sp143176

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143176.exe

HP ProOne 400 G4 23.8-inch Non-Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

sp143176

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143176.exe

HP ProOne 400 G5 20-inch All-in-One Business PC

BIOS

02.15.00

Rev 1

sp143178

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143178.exe

HP ProOne 400 G5 23.8-inch All-in-One Business PC

BIOS

02.15.00

Rev 1

sp143178

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143178.exe

HP ProOne 400 G6 20 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ProOne 400 G6 24 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ProOne 440 23.8 inch G9 All-in-One Desktop PC

BIOS

02.06.02

Rev 1

SP143679

https://ftp.hp.com/pub/softpaq/sp143501-144000/sp143679.exe

HP ProOne 440 G4 23.8-inch Non-Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

sp143176

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143176.exe

HP ProOne 440 G5 23.8-in All-in-One Business PC

BIOS

02.15.00

Rev 1

sp143178

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143178.exe

HP ProOne 440 G6 24 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ProOne 480 G3 20-inch Non-Touch All-in One PC

BIOS

02.44

Rev 1

SP142699

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142699.exe

HP ProOne 600 G3 21.5-inch Non-Touch All-in-One PC

BIOS

02.44

Rev 1

SP142696

https://ftp.hp.com/pub/softpaq/sp142501-143000/sp142696.exe

HP ProOne 600 G4 21.5-inch Touch All-in-One Business PC

BIOS

02.21.00

Rev 1

sp143176

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143176.exe

HP ProOne 600 G5 21.5-in All-in-One Business PC

BIOS

02.15.00

Rev 1

sp143178

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143178.exe

HP ProOne 600 G6 22 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP Z1 G8 Tower Desktop PC

BIOS

02.10.00

Rev 1

SP143417

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143417.exe

HP ZHAN 66 Pro G3 22 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ZHAN 66 Pro G3 24 All-in-One PC

BIOS

02.13.00

Rev 1

SP143224

https://ftp.hp.com/pub/softpaq/sp143001-143500/sp143224.exe

HP ZHAN 99 Pro 23.8 inch G9 All-in-One Desktop PC

BIOS

02.06.02

Rev 1

SP143679

https://ftp.hp.com/pub/softpaq/sp143501-144000/sp143679.exe

Tag

#ios