Filtered by vendor Ami Subscriptions
Filtered by product Aptio V Subscriptions
Total 14 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-39539 1 Ami 1 Aptio V 2024-12-02 7.5 High
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 
CVE-2023-39538 1 Ami 1 Aptio V 2024-11-21 7.5 High
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 
CVE-2023-39537 1 Ami 1 Aptio V 2024-11-21 7.5 High
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
CVE-2023-39536 1 Ami 1 Aptio V 2024-11-21 7.5 High
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
CVE-2023-39535 1 Ami 1 Aptio V 2024-11-21 7.5 High
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
CVE-2023-34470 1 Ami 1 Aptio V 2024-11-21 6.8 Medium
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.
CVE-2023-34469 1 Ami 1 Aptio V 2024-11-21 4.9 Medium
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. 
CVE-2022-40262 2 Ami, Intel 3 Aptio V, Server Board M10jnp2sb, Server Board M10jnp2sb Firmware 2024-11-21 8.2 High
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71
CVE-2022-40261 2 Ami, Intel 5 Aptio V, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 2 more 2024-11-21 8.2 High
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: OverClockSmiHandler SHA256: a204699576e1a48ce915d9d9423380c8e4c197003baf9d17e6504f0265f3039c Module GUID: 4698C2BD-A903-410E-AD1F-5EEF3A1AE422
CVE-2022-40250 2 Ami, Intel 5 Aptio V, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 2 more 2024-11-21 8.8 High
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: SmmSmbiosElog SHA256: 3a8acb4f9bddccb19ec3b22b22ad97963711550f76b27b606461cd5073a93b59 Module GUID: 8e61fd6b-7a8b-404f-b83f-aa90a47cabdf This issue affects: AMI Aptio 5.x. This issue affects: AMI Aptio 5.x.
CVE-2022-26873 2 Ami, Intel 5 Aptio V, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 2 more 2024-11-21 8.2 High
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: PlatformInitAdvancedPreMem SHA256: 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b Module GUID: EEEE611D-F78F-4FB9-B868-55907F169280 This issue affects: AMI Aptio 5.x.
CVE-2024-42442 1 Ami 1 Aptio V 2024-11-12 7.2 High
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
CVE-2024-33657 1 Ami 1 Aptio V 2024-08-22 7.8 High
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.
CVE-2024-33656 1 Ami 1 Aptio V 2024-08-21 7.8 High
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms