CVE-2024-42442 - Vulnerability Details - OpenCVE

APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00097.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ami	Aptio V

Configuration 1 [-]

cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf

History

Tue, 12 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ami Ami aptio V
CPEs		cpe:2.3:o:ami:aptio_v::::::::
Vendors & Products		Ami Ami aptio V
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 12 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Description		APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
Title		Runtime Service Access outside SMRAM
Weaknesses		CWE-119
References		https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: AMI

Published: 2024-11-12T15:00:34.738Z

Updated: 2024-11-12T15:58:50.679Z

Reserved: 2024-08-01T21:19:52.794Z

Link: CVE-2024-42442

Vulnrichment

Updated: 2024-11-12T15:58:44.593Z

NVD

Status : Analyzed

Published: 2024-11-12T15:15:09.780

Modified: 2025-10-02T14:29:40.480

Link: CVE-2024-42442

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42442", "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "state": "PUBLISHED", "assignerShortName": "AMI", "dateReserved": "2024-08-01T21:19:52.794Z", "datePublished": "2024-11-12T15:00:34.738Z", "dateUpdated": "2024-11-12T15:58:50.679Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AptioV", "vendor": "AMI", "versions": [{"lessThanOrEqual": "BKS_5.37", "status": "affected", "version": "BKS_5.0", "versionType": "Custom"}]}], "datePublic": "2024-11-12T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode."}], "value": "APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "shortName": "AMI", "dateUpdated": "2024-11-12T15:00:34.738Z"}, "references": [{"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Runtime Service Access outside SMRAM", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "ami", "product": "aptio_v", "cpes": ["cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "BKS_5.0", "status": "affected", "lessThanOrEqual": "BKS_5.37", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T15:57:57.815614Z", "id": "CVE-2024-42442", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T15:58:50.679Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42442", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-12T15:57:57.815614Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*"], "vendor": "ami", "product": "aptio_v", "versions": [{"status": "affected", "version": "BKS_5.0", "versionType": "custom", "lessThanOrEqual": "BKS_5.37"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T15:58:44.593Z"}}], "cna": {"title": "Runtime Service Access outside SMRAM", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMI", "product": "AptioV", "versions": [{"status": "affected", "version": "BKS_5.0", "versionType": "Custom", "lessThanOrEqual": "BKS_5.37"}], "defaultStatus": "unaffected"}], "datePublic": "2024-11-12T15:00:00.000Z", "references": [{"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.", "supportingMedia": [{"type": "text/html", "value": "APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "shortName": "AMI", "dateUpdated": "2024-11-12T15:00:34.738Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42442", "state": "PUBLISHED", "dateUpdated": "2024-11-12T15:58:50.679Z", "dateReserved": "2024-08-01T21:19:52.794Z", "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "datePublished": "2024-11-12T15:00:34.738Z", "assignerShortName": "AMI"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AAA3A14-0934-4506-A200-E9B1844C83D6", "versionEndExcluding": "5.037", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode."}, {"lang": "es", "value": "APTIOV contiene una vulnerabilidad en el BIOS que permite a un usuario o atacante restringir de forma indebida las operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en la red. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo fuera del modo de administraci\u00f3n del sistema previsto."}], "id": "CVE-2024-42442", "lastModified": "2025-10-02T14:29:40.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "biossecurity@ami.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-12T15:15:09.780", "references": [{"source": "biossecurity@ami.com", "tags": ["Vendor Advisory"], "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf"}], "sourceIdentifier": "biossecurity@ami.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "biossecurity@ami.com", "type": "Secondary"}]}