Aptio V
CVE-2022-40262
HIGH
Severity by source
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71
AnalysisAI
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-123. A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71 Affected products include: Ami Aptio V, Intel Server Board M10Jnp2Sb Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations wit
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with danger
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
Same weakness CWE-123 – Write-what-where Condition
View allShare
External POC / Exploit Code
Leaving vuln.today