Skip to main content

Aptio V CVE-2024-42442

HIGH
Buffer Overflow (CWE-119)
2024-11-12 biossecurity@ami.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 12, 2024 - 15:15 nvd
HIGH 8.8

DescriptionNVD

APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.

AnalysisAI

APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode. Affected products include: Ami Aptio V.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2022-40250 HIGH POC
8.8 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-40262 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2022-40261 HIGH POC
8.2 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-26873 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2025-33045 HIGH
8.2 Sep 09

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure

CVE-2024-33657 HIGH
7.8 Aug 21

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac

CVE-2024-33656 HIGH
7.8 Aug 21

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated

CVE-2023-39539 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with danger

CVE-2023-39538 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger

CVE-2023-39537 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

CVE-2023-39536 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

CVE-2023-39535 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

Share

CVE-2024-42442 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy