CVE-2023-39539
Failure when uploading a Logo image file
In short
AMI AptioV BIOS allows local users to upload PNG logo files without proper validation, potentially compromising system security. An attacker with local access could exploit this to gain unauthorized control over the system.
Technical detail
This vulnerability in AMI AptioV BIOS involves improper input validation (CWE-20) and unrestricted file upload (CWE-434) affecting the logo image upload functionality. A local attacker can bypass file type restrictions to upload malicious PNG files, potentially leading to code execution or system compromise with impacts on confidentiality, integrity, and availability.
Summary generated and translated by AI from the official description.
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
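As an added illustration of the input-validation class named above (CWE-20 / CWE-434), and not AMI's code or fix, the following host-side check confirms that a candidate logo is a structurally well-formed PNG before it is accepted. The size limits, chunk allowlist and all function names are assumptions chosen for this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}  # assumed policy for this example
MAX_FILE, MAX_DIM = 512 * 1024, 1920  # assumed limits, not AMI values

def validate_png_logo(data: bytes) -> str:
    """Return 'ok', or the reason the candidate logo is rejected."""
    if len(data) > MAX_FILE:
        return "file too large"
    if data[:8] != PNG_SIG:  # judge by content, never by file extension
        return "bad signature"
    pos, seen_ihdr = 8, False
    while pos < len(data):
        if len(data) - pos < 12:  # length + type + CRC fields
            return "truncated chunk header"
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if length > len(data) - pos - 12:  # bound the length before using it
            return "chunk length exceeds file"
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) != crc:
            return "bad chunk CRC"
        if ctype not in ALLOWED_CHUNKS:  # drop ancillary/unknown chunks
            return "unexpected chunk type"
        if not seen_ihdr:
            if ctype != b"IHDR" or length != 13:
                return "first chunk is not a 13-byte IHDR"
            width, height = struct.unpack(">II", body[:8])
            if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM):
                return "dimensions out of range"
            seen_ihdr = True
        elif ctype == b"IHDR":
            return "duplicate IHDR"
        pos += 12 + length
        if ctype == b"IEND":
            return "ok" if pos == len(data) else "trailing data after IEND"
    return "missing IEND"

def chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sample_png(width: int = 64, height: int = 64) -> bytes:  # constructed test image
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit RGB
    raw = (b"\x00" + b"\x00" * 3 * width) * height  # filter byte + black pixels
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))
```

The check covers container structure only; it does not decode pixel data, so it complements rather than replaces a vendor firmware update.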
Affected products
AMI · AptioV