VYPR

APTIOV

by Ami

CVEs (31)

  • CVE-2024-33659HigFeb 11, 2025
    risk 0.57cvss 8.8epss 0.00

    AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting…

  • CVE-2022-40250HigSep 20, 2022
    risk 0.57cvss 8.8epss 0.00

    An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally…

  • CVE-2022-40262HigSep 20, 2022
    risk 0.53cvss 8.2epss 0.00

    A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing…

  • CVE-2022-40261HigSep 20, 2022
    risk 0.53cvss 8.2epss 0.00

    An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally…

  • CVE-2022-26873HigSep 20, 2022
    risk 0.53cvss 8.2epss 0.00

    A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing…

  • CVE-2025-33044HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability.

  • CVE-2025-22832HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.

  • CVE-2025-22831HigOct 14, 2025
    risk 0.51cvss 7.8epss 0.00

    APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.

  • CVE-2024-33658HigNov 12, 2024
    risk 0.51cvss 7.8epss 0.00

    APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and…

  • CVE-2024-33657HigAug 21, 2024
    risk 0.51cvss 7.8epss 0.00

    This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.

  • CVE-2024-33656HigAug 21, 2024
    risk 0.51cvss 7.8epss 0.00

    The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms

  • CVE-2024-42446HigMay 13, 2025
    risk 0.49cvss 7.5epss 0.00

    APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

  • CVE-2024-54084HigMar 11, 2025
    risk 0.49cvss 7.5epss 0.00

    APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

  • CVE-2024-42444HigJan 14, 2025
    risk 0.49cvss 7.5epss 0.00

    APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.

  • CVE-2023-39539HigDec 6, 2023
    risk 0.49cvss 7.5epss 0.01

    AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 

  • CVE-2023-39538HigDec 6, 2023
    risk 0.49cvss 7.5epss 0.00

    AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 

  • CVE-2023-39537HigNov 14, 2023
    risk 0.49cvss 7.5epss 0.00

    AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

  • CVE-2023-39536HigNov 14, 2023
    risk 0.49cvss 7.5epss 0.00

    AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

  • CVE-2023-39535HigNov 14, 2023
    risk 0.49cvss 7.5epss 0.00

    AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

  • CVE-2024-42442HigNov 12, 2024
    risk 0.47cvss 7.2epss 0.01

    APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System…

Page 1 of 2