Lucene search

AMICVE-2023-39538

HistoryDec 06, 2023 - 4:15 p.m.

CVE-2023-39538

2023-12-0616:15:07

CWE-20

CWE-434

AMI

web.nvd.nist.gov

cve-2023-39538

ami aptiov

bios

vulnerability

bmp logo file

upload

local access

confidentiality

integrity

availability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

Affected configurations

Nvd

Node

amiaptio_v

VendorProductVersionCPE
amiaptio_v*cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ami	aptio_v	*	cpe:2.3:o:ami:aptio_v::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AptioV",
    "vendor": "AMI",
    "versions": [
      {
        "lessThan": "BKS_5.34",
        "status": "affected",
        "version": "BKS_5.0",
        "versionType": "custom"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf

security.netapp.com/advisory/ntap-20240105-0003/

Social References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-39538