Beware of Vulnerability in AMI AptioV BIOS that Allows Malicious Logo Upload

CVE: CVE-2023-39538
CVSS (v3.1): 7.5
Source: CVE-2023-39538

AMI AptioV BIOS contains a vulnerability that could allow a local attacker to compromise systems. The vulnerability is located in how AptioV handles BMP logo file uploads. A malicious actor with local access could craft a specially formatted BMP file to exploit this issue.
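The page does not say which field of the BMP header AptioV mishandles, so the following is an added, generic example rather than AMI's code or a description of the actual defect: a strict header check of the kind a firmware image loader, or a vendor's logo-upload tool, can run before a user-supplied BMP reaches the boot path. It rejects any file whose declared sizes, offsets and palette do not fit inside the bytes actually received, doing the size arithmetic in 64 bits so an inflated width cannot wrap around. The 4096-pixel dimension cap, the accepted header sizes and the uncompressed-only rule are assumptions chosen for this example; `make_test_bmp` builds a constructed 24-bit image purely so the checker can be exercised offline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result codes for the header check (this example's own enum). */
enum bmp_status {
    BMP_OK = 0, BMP_TOO_SHORT, BMP_BAD_MAGIC, BMP_BAD_FILESIZE,
    BMP_BAD_INFOHEADER, BMP_BAD_DIMENSIONS, BMP_BAD_PLANES, BMP_BAD_BPP,
    BMP_BAD_COMPRESSION, BMP_BAD_PALETTE, BMP_BAD_PIXEL_OFFSET, BMP_PIXELS_OVERFLOW
};

/* Upper bound on logo dimensions: an assumption for this example, not a BMP rule. */
#define BMP_MAX_DIM 4096u

/* Little-endian field accessors; BMP headers are always little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate the 14-byte file header and the BITMAPINFOHEADER of buf[0..len). */
enum bmp_status validate_bmp(const uint8_t *buf, size_t len)
{
    if (len < 54) return BMP_TOO_SHORT;                 /* 14 + 40 header bytes */
    if (buf[0] != 'B' || buf[1] != 'M') return BMP_BAD_MAGIC;
    if (rd32(buf + 2) != len) return BMP_BAD_FILESIZE;  /* declared size must match */

    uint32_t pix_off  = rd32(buf + 10);
    uint32_t hdr_size = rd32(buf + 14);                 /* 40 = INFO, 108 = V4, 124 = V5 */
    if (hdr_size != 40 && hdr_size != 108 && hdr_size != 124) return BMP_BAD_INFOHEADER;
    if ((size_t)14 + hdr_size > len) return BMP_BAD_INFOHEADER;

    int32_t  width  = (int32_t)rd32(buf + 18);
    int32_t  height = (int32_t)rd32(buf + 22);          /* negative = top-down rows */
    uint16_t planes = rd16(buf + 26);
    uint16_t bpp    = rd16(buf + 28);
    uint32_t comp   = rd32(buf + 30);
    uint32_t clr_used = rd32(buf + 46);

    if (width <= 0 || height == 0 || height == INT32_MIN) return BMP_BAD_DIMENSIONS;
    uint32_t abs_h = height < 0 ? (uint32_t)(-height) : (uint32_t)height;
    if ((uint32_t)width > BMP_MAX_DIM || abs_h > BMP_MAX_DIM) return BMP_BAD_DIMENSIONS;
    if (planes != 1) return BMP_BAD_PLANES;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32) return BMP_BAD_BPP;
    if (comp != 0) return BMP_BAD_COMPRESSION;          /* BI_RGB only: no RLE/bitfields */

    /* Indexed images carry a palette that must sit between the headers and the pixels. */
    uint64_t palette_bytes = 0;
    if (bpp <= 8) {
        uint32_t entries = clr_used ? clr_used : (1u << bpp);
        if (entries > (1u << bpp)) return BMP_BAD_PALETTE;
        palette_bytes = (uint64_t)entries * 4;
    }
    uint64_t min_off = 14 + (uint64_t)hdr_size + palette_bytes;
    if (pix_off < min_off || pix_off > len) return BMP_BAD_PIXEL_OFFSET;

    /* Rows are padded to 4 bytes; 64-bit math keeps a large width from wrapping. */
    uint64_t stride = (((uint64_t)width * bpp + 31) / 32) * 4;
    uint64_t needed = stride * abs_h;
    if (needed > (uint64_t)(len - pix_off)) return BMP_PIXELS_OVERFLOW;
    return BMP_OK;
}

/* Constructed test input: a w x h, 24-bit, uncompressed, all-black BMP.
   Returns bytes written, or 0 if it does not fit in cap. */
size_t make_test_bmp(uint8_t *out, size_t cap, uint32_t w, uint32_t h)
{
    size_t stride = ((w * 24 + 31) / 32) * 4;
    size_t total = 54 + stride * h;
    if (total > cap) return 0;
    memset(out, 0, total);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 2, (uint32_t)total);      /* file size   */
    wr32(out + 10, 54);                  /* pixel offset */
    wr32(out + 14, 40);                  /* BITMAPINFOHEADER */
    wr32(out + 18, w);
    wr32(out + 22, h);
    wr16(out + 26, 1);                   /* planes */
    wr16(out + 28, 24);                  /* bits per pixel */
    wr32(out + 34, (uint32_t)(stride * h));
    return total;
}

int main(void)
{
    uint8_t img[256];
    size_t n = make_test_bmp(img, sizeof img, 2, 2);
    printf("well-formed 2x2 logo: status %d\n", validate_bmp(img, n));
    wr32(img + 18, 4000);   /* same bytes, width inflated: pixel data no longer fits */
    printf("inflated width:       status %d\n", validate_bmp(img, n));
    return 0;
}
```

The important design choice is that every size the file declares about itself (file size, header size, pixel offset, palette length, row stride times height) is checked against `len`, the number of bytes actually present, before any of those values is used to index memory. A parser that trusts the declared width and height to size a copy is exactly the pattern that lets a crafted logo reach firmware memory it should not.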

If successfully exploited, this vulnerability could allow an attacker to upload a file that executes arbitrary code or makes changes without authorization. They could then install programs, view and change data, or cause a denial of service. The vulnerability has a CVSS score of 7.5, meaning it is considered high severity.

BIOS is low-level software that runs when a device is first powered on. It performs hardware initialization and loads the operating system. Because of this privileged role, vulnerabilities in BIOS can seriously impact security. An attacker could exploit this to take complete control of the affected systems very early in the startup process.

AMI AptioV is a BIOS commonly used in desktops, laptops, and servers. Users with devices containing this BIOS should ensure they apply any updates provided by their manufacturer to patch this vulnerability. System owners should also consider disabling the ability to upload custom logos or limiting local access as a precaution until updates are available. Staying vigilant about system updates helps defend against threats like this one that target fundamental components.
