Aptio V
CVE-2023-39539
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
AnalysisAI
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. Affected products include: Ami Aptio V.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations wit
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
Same weakness CWE-20 – Improper Input Validation
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today