Lucene search

AMICVELIST:CVE-2023-34470

HistorySep 12, 2023 - 3:21 p.m.

CVE-2023-34470 Improper access control

2023-09-1215:21:58

CWE-284

AMI

www.cve.org

cve-2023-34470

bios

access control

local network

loss of confidentiality

loss of integrity

loss of availability

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

EPSS

Percentile

9.0%

JSON

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AptioV",
    "vendor": "AMI",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023007.pdf

CVSS3

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-34470