CVE-2023-34470 MEDIUM

CVE-2023-34470: Improper access control

Vendor Ami
Product AptioV
Weakness CWE-284
Published September 12, 2023
Last update September 26, 2024

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.

Key dates

02Disclosure timeline

September 12, 2023 CVE published
September 26, 2024 Record updated