CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-33659: BiosGuard Buffer Overflow and TOCTOU Vulnerability

5.7 CVSS

Description

AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.

Classification

CVE ID: CVE-2024-33659

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.7

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L

Affected Products

Vendor: AMI

Product: AptioV

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (scored less or equal to compared to others)

EPSS Date: 2025-03-12 (when was this score calculated)

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2025/AMI-SA-2025002.pdf

Timeline

2025-02-12 00:31:32 UTC
CVE

BiosGuard Buffer Overflow and TOCTOU Vulnerability