Vulnerability-Lookup

WID-SEC-W-2023-3068

Vulnerability from csaf_certbund - Published: 2023-12-06 23:00 - Updated: 2024-12-16 23:00

Summary

UEFI BIOS: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Das BIOS ist die Firmware bei IBM PC kompatiblen Computern. InsydeH2O UEFI BIOS ist eine proprietäre, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterstützt.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im UEFI BIOS verschiedener Hersteller ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - BIOS/Firmware

CVE-2023-39538

Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als "LogoFail" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zurückzuführen. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen oder einen Denial of Service Zustand herbeizuführen.

Affected products

Known affected 8 products

Product	Identifier	Version
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Insyde UEFI Firmware kernel 5.5 <Version 05.53.47 Insyde / UEFI Firmware		kernel 5.5 <Version 05.53.47
Insyde UEFI Firmware kernel 5.4 <Version 05.45.47 Insyde / UEFI Firmware		kernel 5.4 <Version 05.45.47
Insyde UEFI Firmware kernel 5.6 <Version 05.60.47 Insyde / UEFI Firmware		kernel 5.6 <Version 05.60.47
Dell PowerScale <12.4.1 Dell / PowerScale		<12.4.1
HP Computer HP	`cpe:/h:hp:computer:-`	—
Insyde UEFI Firmware kernel 5.3 <Version 05.37.47 Insyde / UEFI Firmware		kernel 5.3 <Version 05.37.47
Insyde UEFI Firmware kernel 5.2 <Version 05.28.47 Insyde / UEFI Firmware		kernel 5.2 <Version 05.28.47

CVE-2023-39539

Affected products

Known affected 8 products

Product	Identifier	Version
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Insyde UEFI Firmware kernel 5.5 <Version 05.53.47 Insyde / UEFI Firmware		kernel 5.5 <Version 05.53.47
Insyde UEFI Firmware kernel 5.4 <Version 05.45.47 Insyde / UEFI Firmware		kernel 5.4 <Version 05.45.47
Insyde UEFI Firmware kernel 5.6 <Version 05.60.47 Insyde / UEFI Firmware		kernel 5.6 <Version 05.60.47
Dell PowerScale <12.4.1 Dell / PowerScale		<12.4.1
HP Computer HP	`cpe:/h:hp:computer:-`	—
Insyde UEFI Firmware kernel 5.3 <Version 05.37.47 Insyde / UEFI Firmware		kernel 5.3 <Version 05.37.47
Insyde UEFI Firmware kernel 5.2 <Version 05.28.47 Insyde / UEFI Firmware		kernel 5.2 <Version 05.28.47

CVE-2023-40238

Affected products

Known affected 8 products

Product	Identifier	Version
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Insyde UEFI Firmware kernel 5.5 <Version 05.53.47 Insyde / UEFI Firmware		kernel 5.5 <Version 05.53.47
Insyde UEFI Firmware kernel 5.4 <Version 05.45.47 Insyde / UEFI Firmware		kernel 5.4 <Version 05.45.47
Insyde UEFI Firmware kernel 5.6 <Version 05.60.47 Insyde / UEFI Firmware		kernel 5.6 <Version 05.60.47
Dell PowerScale <12.4.1 Dell / PowerScale		<12.4.1
HP Computer HP	`cpe:/h:hp:computer:-`	—
Insyde UEFI Firmware kernel 5.3 <Version 05.37.47 Insyde / UEFI Firmware		kernel 5.3 <Version 05.37.47
Insyde UEFI Firmware kernel 5.2 <Version 05.28.47 Insyde / UEFI Firmware		kernel 5.2 <Version 05.28.47

CVE-2023-5058

Affected products

Known affected 8 products

Product	Identifier	Version
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Insyde UEFI Firmware kernel 5.5 <Version 05.53.47 Insyde / UEFI Firmware		kernel 5.5 <Version 05.53.47
Insyde UEFI Firmware kernel 5.4 <Version 05.45.47 Insyde / UEFI Firmware		kernel 5.4 <Version 05.45.47
Insyde UEFI Firmware kernel 5.6 <Version 05.60.47 Insyde / UEFI Firmware		kernel 5.6 <Version 05.60.47
Dell PowerScale <12.4.1 Dell / PowerScale		<12.4.1
HP Computer HP	`cpe:/h:hp:computer:-`	—
Insyde UEFI Firmware kernel 5.3 <Version 05.37.47 Insyde / UEFI Firmware		kernel 5.3 <Version 05.37.47
Insyde UEFI Firmware kernel 5.2 <Version 05.28.47 Insyde / UEFI Firmware		kernel 5.2 <Version 05.28.47

References

10 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://binarly.io/posts/finding_logofail_the_dan…	external
https://www.kb.cert.org/vuls/id/811862	external
https://www.insyde.com/security-pledge/SA-2023053	external
https://support.lenovo.com/us/en/product_security…	external
https://github.com/advisories/GHSA-87fm-wcxm-mcmx	external
https://github.com/advisories/GHSA-xhch-7j88-pg68	external
https://support.hp.com/us-en/document/ish_1083251…	external
https://www.dell.com/support/kbdoc/de-de/00026079…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.\r\nInsydeH2O UEFI BIOS ist eine propriet\u00e4re, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterst\u00fctzt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im UEFI BIOS verschiedener Hersteller ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3068 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3068.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3068 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3068"
      },
      {
        "category": "external",
        "summary": "Binarly Research \"LogoFAIL\" vom 2023-12-06",
        "url": "https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html"
      },
      {
        "category": "external",
        "summary": "CERT Coordination Center Vulnerability Note VU#811862 vom 2023-12-06",
        "url": "https://www.kb.cert.org/vuls/id/811862"
      },
      {
        "category": "external",
        "summary": "Insyde Security Advisory 2023053 vom 2023-12-06",
        "url": "https://www.insyde.com/security-pledge/SA-2023053"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-145284 vom 2023-12-06",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-145284"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-87fm-wcxm-mcmx vom 2023-12-06",
        "url": "https://github.com/advisories/GHSA-87fm-wcxm-mcmx"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-xhch-7j88-pg68 vom 2023-12-06",
        "url": "https://github.com/advisories/GHSA-xhch-7j88-pg68"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF03950 vom 2024-06-07",
        "url": "https://support.hp.com/us-en/document/ish_10832513-10832541-16/HPSBHF03950"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-455 vom 2024-12-16",
        "url": "https://www.dell.com/support/kbdoc/de-de/000260794/dsa-2024-455-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "UEFI BIOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-17T09:15:56.679+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2023-3068",
      "initial_release_date": "2023-12-06T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-06T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-30T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2024-12-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4.1",
                "product": {
                  "name": "Dell PowerScale \u003c12.4.1",
                  "product_id": "T039868"
                }
              },
              {
                "category": "product_version",
                "name": "12.4.1",
                "product": {
                  "name": "Dell PowerScale 12.4.1",
                  "product_id": "T039868-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:12.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerScale"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP Computer",
            "product": {
              "name": "HP Computer",
              "product_id": "T031292",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "kernel 5.2 \u003cVersion 05.28.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.2 \u003cVersion 05.28.47",
                  "product_id": "T031495"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.2 Version 05.28.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.2 Version 05.28.47",
                  "product_id": "T031495-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.2_version_05.28.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.3 \u003cVersion 05.37.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.3 \u003cVersion 05.37.47",
                  "product_id": "T031496"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.3 Version 05.37.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.3 Version 05.37.47",
                  "product_id": "T031496-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.3_version_05.37.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.4 \u003cVersion 05.45.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.4 \u003cVersion 05.45.47",
                  "product_id": "T031497"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.4 Version 05.45.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.4 Version 05.45.47",
                  "product_id": "T031497-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.4_version_05.45.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.5 \u003cVersion 05.53.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.5 \u003cVersion 05.53.47",
                  "product_id": "T031498"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.5 Version 05.53.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.5 Version 05.53.47",
                  "product_id": "T031498-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.5_version_05.53.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.6 \u003cVersion 05.60.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.6 \u003cVersion 05.60.47",
                  "product_id": "T031499"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.6 Version 05.60.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.6 Version 05.60.47",
                  "product_id": "T031499-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.6_version_05.60.47"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UEFI Firmware"
          }
        ],
        "category": "vendor",
        "name": "Insyde"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T005651",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-39538",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-39538"
    },
    {
      "cve": "CVE-2023-39539",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-39539"
    },
    {
      "cve": "CVE-2023-40238",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-40238"
    },
    {
      "cve": "CVE-2023-5058",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-5058"
    }
  ]
}

CVE-2023-39538 (GCVE-0-2023-39538)

Vulnerability from cvelistv5 – Published: 2023-12-06 15:17 – Updated: 2026-02-25 16:51

Title

Failure when uploading a Logo image file

Summary

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation
CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

AMI

References

2 references

URL	Tags
https://9443417.fs1.hubspotusercontent-na1.net/hu…
https://security.netapp.com/advisory/ntap-2024010…

Impacted products

1 product

Vendor	Product	Version
AMI	AptioV	Affected: BKS_5.0 , < BKS_5.34 (custom)

Credits

Binarly efiXplorer Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:10:21.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240105-0003/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39538",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-07T05:00:09.511773Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T16:51:21.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AptioV",
          "vendor": "AMI",
          "versions": [
            {
              "lessThan": "BKS_5.34",
              "status": "affected",
              "version": "BKS_5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Binarly efiXplorer Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n"
            }
          ],
          "value": "\nAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u00a0\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-21T01:32:30.784Z",
        "orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
        "shortName": "AMI"
      },
      "references": [
        {
          "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240105-0003/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Failure when uploading a Logo image file",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
    "assignerShortName": "AMI",
    "cveId": "CVE-2023-39538",
    "datePublished": "2023-12-06T15:17:30.504Z",
    "dateReserved": "2023-08-03T17:11:02.847Z",
    "dateUpdated": "2026-02-25T16:51:21.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-39539 (GCVE-0-2023-39539)

Vulnerability from cvelistv5 – Published: 2023-12-06 15:15 – Updated: 2025-12-16 18:23

Title

Failure when uploading a Logo image file

Summary

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation
CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

AMI

References

3 references

URL	Tags
https://9443417.fs1.hubspotusercontent-na1.net/hu…
https://www.kb.cert.org/vuls/id/811862
https://security.netapp.com/advisory/ntap-2024010…

Impacted products

1 product

Vendor	Product	Version
AMI	AptioV	Affected: BKS_5.0 , < BKS_5.34 (custom)

Credits

Binarly efiXplorer Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:10:21.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/811862"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240105-0003/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T14:54:33.817426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T18:23:25.840Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AptioV",
          "vendor": "AMI",
          "versions": [
            {
              "lessThan": "BKS_5.34",
              "status": "affected",
              "version": "BKS_5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Binarly efiXplorer Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n"
            }
          ],
          "value": "\nAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u00a0\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-21T01:33:19.683Z",
        "orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
        "shortName": "AMI"
      },
      "references": [
        {
          "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/811862"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240105-0003/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Failure when uploading a Logo image file",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
    "assignerShortName": "AMI",
    "cveId": "CVE-2023-39539",
    "datePublished": "2023-12-06T15:15:06.493Z",
    "dateReserved": "2023-08-03T17:11:02.847Z",
    "dateUpdated": "2025-12-16T18:23:25.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-40238 (GCVE-0-2023-40238)

Vulnerability from cvelistv5 – Published: 2023-12-07 00:00 – Updated: 2026-02-25 17:20

Summary

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

5 references

URL	Tags
https://www.insyde.com/security-pledge
https://www.kb.cert.org/vuls/id/811862	third-party-advisory
https://www.insyde.com/security-pledge/SA-2023053
https://binarly.io/posts/finding_logofail_the_dan…
https://security.netapp.com/advisory/ntap-2024010…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge"
          },
          {
            "name": "VU#811862",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/811862"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge/SA-2023053"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240105-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-40238",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-08T05:00:27.606950Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-312",
                "description": "CWE-312 Cleartext Storage of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T17:20:12.939Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T18:06:30.856Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.insyde.com/security-pledge"
        },
        {
          "name": "VU#811862",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/811862"
        },
        {
          "url": "https://www.insyde.com/security-pledge/SA-2023053"
        },
        {
          "url": "https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240105-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-40238",
    "datePublished": "2023-12-07T00:00:00.000Z",
    "dateReserved": "2023-08-11T00:00:00.000Z",
    "dateUpdated": "2026-02-25T17:20:12.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-5058 (GCVE-0-2023-5058)

Vulnerability from cvelistv5 – Published: 2023-12-07 22:29 – Updated: 2025-07-28 20:50

Summary

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.

Severity

No CVSS data available.

CWE

CWE-20 - Improper Input Validation

Assigner

Phoenix

References

2 references

URL	Tags
https://phoenixtech.com/phoenix-security-notifica…
https://www.kb.cert.org/vuls/id/811862

Impacted products

1 product

Vendor	Product	Version
Phoenix	SecureCore™ Technology™ 4	Affected: 4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.phoenix.com/security-notifications/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/811862"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SecureCore\u2122 Technology\u2122 4",
          "vendor": "Phoenix",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
            }
          ],
          "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T20:50:19.406Z",
        "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "shortName": "Phoenix"
      },
      "references": [
        {
          "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/811862"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
    "assignerShortName": "Phoenix",
    "cveId": "CVE-2023-5058",
    "datePublished": "2023-12-07T22:29:05.717Z",
    "dateReserved": "2023-09-18T21:36:23.632Z",
    "dateUpdated": "2025-07-28T20:50:19.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-3068

CVE-2023-39538 (GCVE-0-2023-39538)

CVE-2023-39539 (GCVE-0-2023-39539)

CVE-2023-40238 (GCVE-0-2023-40238)

CVE-2023-5058 (GCVE-0-2023-5058)

Tags

Sightings

Nomenclature