Aptio V
CVE-2024-33656
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (ami) · only source for this CVE.
CVSS VectorVendor: ami
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms
AnalysisAI
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms Affected products include: Ami Aptio V.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations wit
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with danger
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today