Skip to main content

Aptio V CVE-2023-39539

HIGH
Improper Input Validation (CWE-20)
2023-12-06 biossecurity@ami.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 06, 2023 - 16:15 nvd
HIGH 7.8

DescriptionNVD

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

AnalysisAI

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. Affected products include: Ami Aptio V.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-40250 HIGH POC
8.8 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-40262 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2022-40261 HIGH POC
8.2 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-26873 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2024-42442 HIGH
8.8 Nov 12

APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations wit

CVE-2025-33045 HIGH
8.2 Sep 09

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure

CVE-2024-33657 HIGH
7.8 Aug 21

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac

CVE-2024-33656 HIGH
7.8 Aug 21

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated

CVE-2023-39538 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger

CVE-2023-39537 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

CVE-2023-39536 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

CVE-2023-39535 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

Share

CVE-2023-39539 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy