Skip to main content

Aptio V CVE-2024-33658

MEDIUM
Buffer Overflow (CWE-119)
2024-11-12 biossecurity@ami.com
4.4
CVSS 4.0 · Vendor: ami
Share

Severity by source

Vendor (ami) PRIMARY
4.4 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (ami) · only source for this CVE.

CVSS VectorVendor: ami

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

1
CVE Published
Nov 12, 2024 - 15:15 cve.org
MEDIUM 4.4

DescriptionCVE.org

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity.

AnalysisAI

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity. Affected products include: Ami Aptio V.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2022-40250 HIGH POC
8.8 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-40262 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2022-40261 HIGH POC
8.2 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-26873 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2024-42442 HIGH
8.8 Nov 12

APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations wit

CVE-2025-33045 HIGH
8.2 Sep 09

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure

CVE-2024-33657 HIGH
7.8 Aug 21

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac

CVE-2024-33656 HIGH
7.8 Aug 21

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated

CVE-2023-39539 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with danger

CVE-2023-39538 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger

CVE-2023-39537 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

CVE-2023-39536 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

Share

CVE-2024-33658 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy