CVE-2024-33659

AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.

CVSS

No CVSS.

References

Link	Resource
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2025/AMI-SA-2025002.pdf

Configurations

No configuration.

History

11 Feb 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-11 15:15

Updated : 2025-02-11 15:15

NVD link : CVE-2024-33659

Mitre link : CVE-2024-33659

CVE.ORG link : CVE-2024-33659

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-33659", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "biossecurity@ami.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.7, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2025-02-11T15:15:17.200", "references": [{"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2025/AMI-SA-2025002.pdf", "source": "biossecurity@ami.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "biossecurity@ami.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability."}], "lastModified": "2025-02-11T15:15:17.200", "sourceIdentifier": "biossecurity@ami.com"}

CVE-2024-33659

JSON object

Attach tags to CVE-2024-33659

Attach tags to `CVE-2024-33659`