Lucene search

AMIVULNRICHMENT:CVE-2023-39537

HistoryNov 14, 2023 - 9:24 p.m.

CVE-2023-39537 Improper input validation in BIOS TCG2

2023-11-1421:24:32

CWE-20

AMI

github.com

bios security

tcg2

ami aptiov

input validation

vulnerability

confidentiality

integrity

availability

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ami",
    "product": "aptio_v",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023008.pdf

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

6.7

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-39537