Lucene search

AMICVELIST:CVE-2023-39535

HistoryNov 14, 2023 - 9:23 p.m.

CVE-2023-39535 Improper input validation in BIOS

2023-11-1421:23:24

CWE-20

AMI

www.cve.org

cve-2023-39535

bios

input validation

local network

confidentiality

integrity

availability

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AptioV",
    "vendor": "AMI",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-39535