CVE-2023-39538

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240105-0003/

Configurations

Configuration 1 (hide)

cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-06 16:15

Updated : 2024-01-05 18:15

NVD link : CVE-2023-39538

Mitre link : CVE-2023-39538

CVE.ORG link : CVE-2023-39538

JSON object : View

Products Affected

ami

aptio_v

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-20

Improper Input Validation

{"id": "CVE-2023-39538", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "biossecurity@ami.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2023-12-06T16:15:07.277", "references": [{"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf", "tags": ["Vendor Advisory"], "source": "biossecurity@ami.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240105-0003/", "source": "biossecurity@ami.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "biossecurity@ami.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "\nAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u00a0\n\n\n\n\n\n"}, {"lang": "es", "value": "AMI AptioV contiene una vulnerabilidad en BIOS donde un usuario puede provocar una carga sin restricciones de un archivo de logotipo BMP con un tipo peligroso mediante acceso local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."}], "lastModified": "2024-01-05T18:15:28.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C73298F-5F7B-43DF-8772-567ACCE6D7FD"}], "operator": "OR"}]}], "sourceIdentifier": "biossecurity@ami.com"}