Vulnerabilites related to AMI - AptioV
cve-2023-34470
Vulnerability from cvelistv5
Published
2023-09-12 15:21
Modified
2024-09-26 13:43
Severity ?
EPSS score ?
Summary
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:10:07.203Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023007.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34470", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T13:42:36.389495Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T13:43:02.938Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { status: "affected", version: "*", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: " Binarly efiXplorer Team", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\nAMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.\n\n", }, ], value: "\nAMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.\n\n", }, ], impacts: [ { capecId: "CAPEC-551", descriptions: [ { lang: "en", value: "CAPEC-551 Modify Existing Service", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-25T15:57:52.826Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023007.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Improper access control ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2023-34470", datePublished: "2023-09-12T15:21:58.331Z", dateReserved: "2023-06-07T03:10:19.973Z", dateUpdated: "2024-09-26T13:43:02.938Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39539
Vulnerability from cvelistv5
Published
2023-12-06 15:15
Modified
2024-12-02 14:54
Severity ?
EPSS score ?
Summary
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:10:21.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf", }, { tags: [ "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/811862", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240105-0003/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39539", options: [ { Exploitation: "none", }, { Automatable: "No", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2024-12-02T14:54:33.817426Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T14:54:55.695Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThan: "BKS_5.34", status: "affected", version: "BKS_5.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Binarly efiXplorer Team", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. </span><br>\n\n\n\n\n", }, ], value: "\nAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. \n\n\n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-21T01:33:19.683Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf", }, { url: "https://www.kb.cert.org/vuls/id/811862", }, { url: "https://security.netapp.com/advisory/ntap-20240105-0003/", }, ], source: { discovery: "UNKNOWN", }, title: "Failure when uploading a Logo image file", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2023-39539", datePublished: "2023-12-06T15:15:06.493Z", dateReserved: "2023-08-03T17:11:02.847Z", dateUpdated: "2024-12-02T14:54:55.695Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-54084
Vulnerability from cvelistv5
Published
2025-03-11 14:01
Modified
2025-03-11 14:45
Severity ?
EPSS score ?
Summary
APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-54084", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-11T14:45:48.097813Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T14:45:58.764Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "BKS_5.38", status: "affected", version: "BKS_5.0", versionType: "Custom", }, ], }, ], datePublic: "2025-03-11T14:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.", }, ], value: "APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T14:01:24.030Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "SMM Arbitrary Write via TOCTOU Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-54084", datePublished: "2025-03-11T14:01:24.030Z", dateReserved: "2024-11-28T05:10:52.351Z", dateUpdated: "2025-03-11T14:45:58.764Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39537
Vulnerability from cvelistv5
Published
2023-11-14 21:24
Modified
2024-08-14 19:25
Severity ?
EPSS score ?
Summary
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:10:21.101Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aptio_v", vendor: "ami", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-39537", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:53:15.520018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T19:25:46.794Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { status: "affected", version: "*", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.", }, ], value: "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.", }, ], impacts: [ { capecId: "CAPEC-153", descriptions: [ { lang: "en", value: "CAPEC-153 Input Data Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T21:24:32.282Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Improper input validation in BIOS TCG2", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2023-39537", datePublished: "2023-11-14T21:24:32.282Z", dateReserved: "2023-08-03T17:11:02.847Z", dateUpdated: "2024-08-14T19:25:46.794Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33657
Vulnerability from cvelistv5
Published
2024-08-21 16:17
Modified
2024-08-22 00:40
Severity ?
EPSS score ?
Summary
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aptio_v", vendor: "ami", versions: [ { lessThanOrEqual: "5.36", status: "affected", version: "5.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-33657", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-22T00:38:10.778891Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-22T00:40:11.707Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "5.36", status: "affected", version: "BKS_5.0", versionType: "Custom", }, ], }, ], datePublic: "2024-08-19T22:19:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.", }, ], value: "This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.", }, ], impacts: [ { capecId: "CAPEC-47", descriptions: [ { lang: "en", value: "CAPEC-47 Buffer Overflow via Parameter Expansion", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-21T16:17:12.383Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Smm Callout in SmmComputrace Module", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-33657", datePublished: "2024-08-21T16:17:12.383Z", dateReserved: "2024-04-25T13:29:51.809Z", dateUpdated: "2024-08-22T00:40:11.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39538
Vulnerability from cvelistv5
Published
2023-12-06 15:17
Modified
2024-08-02 18:10
Severity ?
EPSS score ?
Summary
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:10:21.386Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240105-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThan: "BKS_5.34", status: "affected", version: "BKS_5.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Binarly efiXplorer Team", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. </span><br>\n\n\n\n\n", }, ], value: "\nAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. \n\n\n\n\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-21T01:32:30.784Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf", }, { url: "https://security.netapp.com/advisory/ntap-20240105-0003/", }, ], source: { discovery: "UNKNOWN", }, title: "Failure when uploading a Logo image file", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2023-39538", datePublished: "2023-12-06T15:17:30.504Z", dateReserved: "2023-08-03T17:11:02.847Z", dateUpdated: "2024-08-02T18:10:21.386Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39535
Vulnerability from cvelistv5
Published
2023-11-14 21:23
Modified
2024-08-29 20:17
Severity ?
EPSS score ?
Summary
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:10:21.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aptio_v", vendor: "ami", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-39535", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-29T20:17:27.393658Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T20:17:59.863Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { status: "affected", version: "*", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.", }, ], value: "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.", }, ], impacts: [ { capecId: "CAPEC-153", descriptions: [ { lang: "en", value: "CAPEC-153 Input Data Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T21:23:24.506Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Improper input validation in BIOS ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2023-39535", datePublished: "2023-11-14T21:23:24.506Z", dateReserved: "2023-08-03T17:11:02.847Z", dateUpdated: "2024-08-29T20:17:59.863Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33658
Vulnerability from cvelistv5
Published
2024-11-12 15:01
Modified
2024-11-21 16:21
Severity ?
EPSS score ?
Summary
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-33658", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T15:56:28.307717Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T16:21:37.633Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "BKS_5.37", status: "affected", version: "BKS_5.0", versionType: "Custom", }, ], }, ], datePublic: "2024-11-12T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity.", }, ], value: "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, { capecId: "CAPEC-47", descriptions: [ { lang: "en", value: "CAPEC-47 Buffer Overflow via Parameter Expansion", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "LOCAL", baseScore: 4.4, baseSeverity: "MEDIUM", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "LOW", subIntegrityImpact: "LOW", userInteraction: "PASSIVE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-12T15:01:05.234Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Buffer Overflow Vulnerability In OFBD", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-33658", datePublished: "2024-11-12T15:01:05.234Z", dateReserved: "2024-04-25T13:29:51.809Z", dateUpdated: "2024-11-21T16:21:37.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2315
Vulnerability from cvelistv5
Published
2024-11-12 15:01
Modified
2024-11-21 16:20
Severity ?
EPSS score ?
Summary
APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-2315", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T15:55:27.653614Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T16:20:52.843Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "BKS_5.37", status: "affected", version: "BKS_5.0", versionType: "Custom", }, ], }, ], datePublic: "2024-11-12T15:01:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.", }, ], value: "APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.", }, ], impacts: [ { capecId: "CAPEC-129", descriptions: [ { lang: "en", value: "CAPEC-129 Pointer Manipulation", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "LOCAL", baseScore: 6.8, baseSeverity: "MEDIUM", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "LOW", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-12T15:01:15.370Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "SMM arbitrary code execution in Overclock", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-2315", datePublished: "2024-11-12T15:01:15.370Z", dateReserved: "2024-03-08T04:05:51.850Z", dateUpdated: "2024-11-21T16:20:52.843Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33656
Vulnerability from cvelistv5
Published
2024-08-21 16:16
Modified
2024-08-21 17:08
Severity ?
EPSS score ?
Summary
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "aptio_v", vendor: "ami", versions: [ { lessThanOrEqual: "5.36", status: "affected", version: "bks_5.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-33656", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-21T17:08:24.448035Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-21T17:08:28.329Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "5.36", status: "affected", version: "BKS_5.0", versionType: "Custom", }, ], }, ], datePublic: "2024-08-19T21:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms", }, ], value: "The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-21T16:16:43.954Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Memory Leak in SmmComuptrace Module", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-33656", datePublished: "2024-08-21T16:16:43.954Z", dateReserved: "2024-04-25T13:29:51.808Z", dateUpdated: "2024-08-21T17:08:28.329Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33659
Vulnerability from cvelistv5
Published
2025-02-11 15:00
Modified
2025-02-11 15:36
Severity ?
EPSS score ?
Summary
AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-33659", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T15:36:28.291055Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-11T15:36:38.156Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "BKS_5.38", status: "affected", version: "BKS_5.0", versionType: "Custom", }, ], }, ], datePublic: "2025-02-11T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.", }, ], value: "AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "HIGH", attackRequirements: "NONE", attackVector: "LOCAL", baseScore: 5.7, baseSeverity: "MEDIUM", privilegesRequired: "HIGH", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "LOW", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T15:00:11.196Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2025/AMI-SA-2025002.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "BiosGuard Buffer Overflow and TOCTOU Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-33659", datePublished: "2025-02-11T15:00:11.196Z", dateReserved: "2024-04-25T13:29:51.809Z", dateUpdated: "2025-02-11T15:36:38.156Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42442
Vulnerability from cvelistv5
Published
2024-11-12 15:00
Modified
2024-11-12 15:58
Severity ?
EPSS score ?
Summary
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "aptio_v", vendor: "ami", versions: [ { lessThanOrEqual: "BKS_5.37", status: "affected", version: "BKS_5.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-42442", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T15:57:57.815614Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T15:58:50.679Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "BKS_5.37", status: "affected", version: "BKS_5.0", versionType: "Custom", }, ], }, ], datePublic: "2024-11-12T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.", }, ], value: "APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-12T15:00:34.738Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Runtime Service Access outside SMRAM", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-42442", datePublished: "2024-11-12T15:00:34.738Z", dateReserved: "2024-08-01T21:19:52.794Z", dateUpdated: "2024-11-12T15:58:50.679Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42444
Vulnerability from cvelistv5
Published
2025-01-14 15:00
Modified
2025-01-14 15:45
Severity ?
EPSS score ?
Summary
APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-42444", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-14T15:45:10.018267Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-14T15:45:23.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "BKS_5.38", status: "affected", version: "BKS_5.0", versionType: "custom", }, ], }, ], datePublic: "2025-01-14T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.", }, ], value: "APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-367", description: "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-14T15:00:42.112Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025001.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "TOCTOU Race Condition between DMA and SMM", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-42444", datePublished: "2025-01-14T15:00:42.112Z", dateReserved: "2024-08-01T21:19:52.795Z", dateUpdated: "2025-01-14T15:45:23.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34469
Vulnerability from cvelistv5
Published
2023-09-12 15:21
Modified
2024-09-24 20:36
Severity ?
EPSS score ?
Summary
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:10:07.115Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023007.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34469", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T20:33:33.945919Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T20:36:07.365Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { status: "affected", version: "*", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: " Binarly efiXplorer Team", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\nAMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. ", }, ], value: "\nAMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. ", }, ], impacts: [ { capecId: "CAPEC-551", descriptions: [ { lang: "en", value: "CAPEC-551 Modify Existing Service", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-25T15:58:14.117Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023007.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Cold Rest Vulnerabiltiy", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2023-34469", datePublished: "2023-09-12T15:21:11.450Z", dateReserved: "2023-06-07T03:10:19.973Z", dateUpdated: "2024-09-24T20:36:07.365Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33660
Vulnerability from cvelistv5
Published
2024-11-12 15:00
Modified
2024-11-21 16:22
Severity ?
EPSS score ?
Summary
An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33660", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T15:57:27.615870Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T16:22:25.320Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { lessThanOrEqual: "BKS_5.37", status: "affected", version: "BKS_5.0", versionType: "Custom", }, ], }, ], datePublic: "2024-11-12T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.<br>", }, ], value: "An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.", }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "PHYSICAL", baseScore: 5.2, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "LOW", subConfidentialityImpact: "LOW", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-494", description: "CWE-494 Download of Code Without Integrity Check", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-12T15:00:51.675Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Potential Firmware update without integrity check", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2024-33660", datePublished: "2024-11-12T15:00:51.675Z", dateReserved: "2024-04-25T13:29:51.809Z", dateUpdated: "2024-11-21T16:22:25.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39536
Vulnerability from cvelistv5
Published
2023-11-14 21:24
Modified
2024-08-29 20:17
Severity ?
EPSS score ?
Summary
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:10:21.422Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aptio_v", vendor: "ami", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-39536", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-29T20:13:38.641737Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T20:17:11.568Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "AptioV", vendor: "AMI", versions: [ { status: "affected", version: "*", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.", }, ], value: "AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.", }, ], impacts: [ { capecId: "CAPEC-153", descriptions: [ { lang: "en", value: "CAPEC-153 Input Data Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-14T21:24:02.381Z", orgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", shortName: "AMI", }, references: [ { url: "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf", }, ], source: { discovery: "UNKNOWN", }, title: "Improper input validation in BIOS OFBD", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "7e9044f1-7f56-4c38-8864-c0c7302263d6", assignerShortName: "AMI", cveId: "CVE-2023-39536", datePublished: "2023-11-14T21:24:02.381Z", dateReserved: "2023-08-03T17:11:02.847Z", dateUpdated: "2024-08-29T20:17:11.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }