CVE-2019-6322 in Workstation BIOS
Summary
by MITRE
HP has identified a security vulnerability with some versions of Workstation BIOS (UEFI Firmware) where the runtime BIOS code could be tampered with if the TPM is disabled. This vulnerability relates to Workstations whose TPM is enabled by default.
Analysis
by VulDB Data Team • 06/17/2020
This vulnerability exists within the firmware implementation of certain HP Workstation models where the Unified Extensible Firmware Interface operates with insufficient protection mechanisms when the Trusted Platform Module remains disabled. The security flaw stems from the firmware's failure to properly validate runtime code integrity when the TPM is not actively enforcing platform authentication and measurement policies. The vulnerability specifically affects systems where the TPM is enabled by default but can be disabled through system configuration settings, creating a window where malicious actors could potentially modify the BIOS runtime code without proper authorization. This represents a fundamental weakness in the firmware's security architecture as it fails to maintain consistent integrity verification regardless of TPM state. The issue falls under the category of firmware security vulnerabilities that compromise the root of trust for the platform, making it particularly concerning for enterprise environments where system integrity is paramount.
The technical exploitation of this vulnerability occurs when an attacker disables the TPM and subsequently gains access to modify the BIOS runtime environment. This creates a scenario where the firmware's integrity protection mechanisms are bypassed, allowing for unauthorized code injection or modification of critical boot components. The vulnerability demonstrates poor separation of concerns in firmware design where runtime security policies should remain consistent regardless of TPM activation status. According to CWE-284, this represents an inadequate access control implementation within the firmware security model, while the ATT&CK framework would categorize this under firmware tampering techniques that leverage configuration weaknesses to establish persistent access. The flaw essentially removes the protective barrier that the TPM normally provides, leaving the system vulnerable to malicious modifications that could persist through reboots and system updates.
The operational impact of this vulnerability extends beyond simple code modification as it fundamentally undermines the platform's ability to maintain secure boot processes and establish trust in the system's runtime environment. When the TPM is disabled, the system becomes vulnerable to attacks that could compromise the entire boot chain, potentially leading to full system compromise or persistent backdoor access. Organizations using affected HP Workstation models face significant risk in environments where physical security is not strictly controlled, as the vulnerability allows for hardware-level attacks that bypass traditional software security measures. The risk is particularly elevated in scenarios where attackers have physical access to the systems or can manipulate system configurations through legitimate administrative access points. This vulnerability directly impacts the integrity and authenticity guarantees that the platform should provide, making it a critical concern for any security-conscious organization relying on HP Workstation platforms.
Mitigation strategies for this vulnerability require a multi-layered approach that addresses both the immediate firmware issue and broader system security posture. Organizations should ensure that TPM functionality remains enabled and properly configured across all affected systems, implementing policies that prevent unauthorized TPM disabling. Firmware updates from HP should be deployed immediately to address the specific vulnerability, while system administrators should conduct thorough inventory checks to identify all affected models and configurations. Network security controls should be enhanced to detect and prevent unauthorized physical access to systems, and regular integrity verification should be implemented using tools that can monitor for unauthorized firmware modifications. The solution must also include monitoring for any attempts to disable TPM functionality, as this represents the primary attack vector for exploitation. Organizations should consider implementing additional hardware security measures such as BIOS write protection or secure boot enforcement to further mitigate the risk of unauthorized firmware modifications.
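The monitoring step recommended above, as an added example that is not part of the original analysis or of any HP tooling: a Python check that reviews successive inventory snapshots and reports every host whose TPM went from active to disabled or absent, along with the hosts whose latest snapshot shows no active TPM. The CSV column names, host names and sample rows are constructed assumptions, not the schema of a real asset-management tool.

```python
"""Flag hosts whose TPM state regressed between inventory snapshots."""
import csv
import io

# Constructed sample export; column names and hosts are assumptions.
SAMPLE_INVENTORY = """\
collected_at,host,tpm_present,tpm_enabled
2020-06-01T08:00:00Z,ws-001,true,true
2020-06-01T08:00:00Z,ws-002,true,true
2020-06-01T08:00:00Z,ws-003,true,false
2020-06-01T08:00:00Z,ws-004,true,true
2020-06-08T08:00:00Z,ws-001,true,true
2020-06-08T08:00:00Z,ws-002,true,false
2020-06-08T08:00:00Z,ws-003,true,false
2020-06-08T08:00:00Z,ws-004,false,false
2020-06-15T08:00:00Z,ws-002,true,true
"""

def tpm_active(row):
    """A TPM counts as active only if it is both present and enabled."""
    return row["tpm_present"] == "true" and row["tpm_enabled"] == "true"

def review_tpm_state(inventory_csv):
    """Return (transitions, exposed).

    transitions: (host, last_seen_active, first_seen_inactive) for each
                 active -> inactive change between consecutive snapshots.
    exposed:     sorted hosts whose most recent snapshot has no active TPM.
    """
    # ISO-8601 UTC timestamps in one format sort correctly as strings.
    rows = sorted(csv.DictReader(io.StringIO(inventory_csv)),
                  key=lambda r: (r["host"], r["collected_at"]))
    last = {}          # host -> (collected_at, active) of previous snapshot
    transitions = []
    for row in rows:
        host, when, active = row["host"], row["collected_at"], tpm_active(row)
        prev = last.get(host)
        if prev and prev[1] and not active:
            transitions.append((host, prev[0], when))
        last[host] = (when, active)
    exposed = sorted(h for h, (_, active) in last.items() if not active)
    return transitions, exposed

if __name__ == "__main__":
    changes, exposed = review_tpm_state(SAMPLE_INVENTORY)
    for host, before, after in changes:
        print(f"{host}: TPM active at {before}, inactive at {after}")
    print("no active TPM in latest snapshot:", ", ".join(exposed))
```

A host such as ws-002, whose TPM was later re-enabled, still appears in the transitions list, because the runtime BIOS code could have been modified during the window in which the TPM was disabled.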