Skip to main content

Aptio V CVE-2024-2315

MEDIUM
Improper Access Control (CWE-284)
2024-11-12 biossecurity@ami.com
6.8
CVSS 4.0 · Vendor: ami
Share

Severity by source

Vendor (ami) PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (ami) · only source for this CVE.

CVSS VectorVendor: ami

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Nov 12, 2024 - 15:15 cve.org
MEDIUM 6.8

DescriptionCVE.org

APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability.

AnalysisAI

APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. Affected products include: Ami Aptio V.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-40250 HIGH POC
8.8 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-40262 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2022-40261 HIGH POC
8.2 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-26873 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2024-42442 HIGH
8.8 Nov 12

APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations wit

CVE-2025-33045 HIGH
8.2 Sep 09

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure

CVE-2024-33657 HIGH
7.8 Aug 21

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac

CVE-2024-33656 HIGH
7.8 Aug 21

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated

CVE-2023-39539 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with danger

CVE-2023-39538 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger

CVE-2023-39537 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

CVE-2023-39536 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

Share

CVE-2024-2315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy