CVE-2024-33660 MEDIUM

CVE-2024-33660: Potential Firmware update without integrity check

Vendor Ami
Product AptioV
Weakness CWE-494 · Download without integrity check
Published November 12, 2024
Last update November 21, 2024

CVSS base score

5.2/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01Description

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.

Key dates

02Disclosure timeline

November 12, 2024 CVE published
November 21, 2024 Record updated