Failure when uploading a Logo image file
CVE-2023-39538

7.5HIGH

Key Information:

Vendor: AMI
Status: AptioV
Vendor: CVE Published:; 6 December 2023

What is CVE-2023-39538?

AMI AptioV contains a vulnerability in its BIOS system that allows local users to upload BMP files without restriction. This flaw could serve as a gateway for malicious activities, potentially compromising the confidentiality, integrity, and availability of the affected systems. Exploiting this weakness could lead to unauthorized access and manipulation of system resources, emphasizing the importance of timely mitigation measures.

Affected Version(s)

AptioV BKS_5.0

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443...

https://security.netapp.com/advisory/ntap-20240105-0003/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2023
Vulnerability Reserved
Aug 3, 2023

Credit

Binarly efiXplorer Team