fkie_nvd - fkie_cve-2024-42444

fkie_cve-2024-42444

Vulnerability from fkie_nvd

Published

2025-01-14 15:15

Modified

2025-01-14 15:15

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Summary

APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.

References

▶	URL	Tags
	biossecurity@ami.com	https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025001.pdf

Impacted products

	Vendor	Product	Version

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device."
    },
    {
      "lang": "es",
      "value": "APTIOV contiene una vulnerabilidad en BIOS donde un atacante puede provocar una condici\u00f3n TOCTOU ejecuci\u00f3n por medios locales. La explotaci\u00f3n exitosa de esta vulnerabilidad puede llevar a la ejecuci\u00f3n de c\u00f3digo arbitrario en el dispositivo de destino."
    }
  ],
  "id": "CVE-2024-42444",
  "lastModified": "2025-01-14T15:15:25.997",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 6.0,
        "source": "biossecurity@ami.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-14T15:15:25.997",
  "references": [
    {
      "source": "biossecurity@ami.com",
      "url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025001.pdf"
    }
  ],
  "sourceIdentifier": "biossecurity@ami.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "biossecurity@ami.com",
      "type": "Secondary"
    }
  ]
}

CVE-2024-42444 (GCVE-0-2024-42444)

Vulnerability from cvelistv5

Published

2025-01-14 15:00

Modified

2025-01-14 15:45

Severity ?

7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Summary

APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.

References

►

URL

Tags

https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025001.pdf

Impacted products

	Vendor	Product	Version
	AMI	AptioV	Version: BKS_5.0 <

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42444",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:45:10.018267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T15:45:23.217Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AptioV",
          "vendor": "AMI",
          "versions": [
            {
              "lessThanOrEqual": "BKS_5.38",
              "status": "affected",
              "version": "BKS_5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device."
            }
          ],
          "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T15:00:42.112Z",
        "orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
        "shortName": "AMI"
      },
      "references": [
        {
          "url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025001.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "TOCTOU Race Condition between DMA and SMM",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
    "assignerShortName": "AMI",
    "cveId": "CVE-2024-42444",
    "datePublished": "2025-01-14T15:00:42.112Z",
    "dateReserved": "2024-08-01T21:19:52.795Z",
    "dateUpdated": "2025-01-14T15:45:23.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.