CVE-2024-33660Download of Code Without Integrity Check in Aptio V

CWE-494Download of Code Without Integrity Check3 documents3 sources
Severity
5.2MEDIUMNVD
EPSS
0.1%
top 64.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
AMI Aptio VAMI Aptiov
Timeline
PublishedNov 12

Description

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L

Affected Packages2 packages

NVDami/aptio_v5.05.037
CVEListV5ami/aptiovBKS_5.0BKS_5.37

🔴Vulnerability Details

2
GHSA
GHSA-vgj5-pm4f-q6gv: An exploit is possible where an actor with physical access can manipulate SPI flash without being detected2024-11-12
CVEList
Potential Firmware update without integrity check2024-11-12
CVE-2024-33660 — AMI Aptio V vulnerability | cvebase