Failure when uploading a Logo image file
CVE-2023-39539

7.5HIGH

Key Information:

Vendor: Ami
Status: Aptiov
Vendor: CVE Published:; 6 December 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-39539?

AMI AptioV BIOS has a security flaw that allows local users to upload a PNG logo file without proper validation. This can lead to potential exploitation, putting the confidentiality, integrity, and availability of the system at risk. Attackers may leverage this vulnerability to execute malicious actions within the system, necessitating immediate attention and remediation.

Affected Version(s)

AptioV BKS_5.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-39539-PoC
Created by AdamWen230

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443...

https://www.kb.cert.org/vuls/id/811862

https://security.netapp.com/advisory/ntap-20240105-0003/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 6, 2023
🟡
Public PoC available
Nov 15, 2023
👾
Exploit known to exist
Nov 15, 2023
Vulnerability Reserved
Aug 3, 2023

Credit

Binarly efiXplorer Team

Ami

Badges

What is CVE-2023-39539?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit