Aptio V
CVE-2024-33660
MEDIUM
Severity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (ami) · only source for this CVE.
CVSS VectorVendor: ami
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.
AnalysisAI
An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-494. An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. Affected products include: Ami Aptio V.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations wit
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with danger
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network
Same weakness CWE-494 – Download of Code Without Integrity Check
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today