CVE-2024-33660

MEDIUM

AMI Aptio V < 5.037 - Download Without Integrity Check

Title source: rule
STIX 2.1

Description

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.

References (1)

Scores

CVSS v3 4.3
EPSS 0.0015
EPSS Percentile 35.0%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-494
Status published
Products (1)
ami/aptio_v 5.0 - 5.037
Published Nov 12, 2024
Tracked Since Feb 18, 2026