- CVE ID: CVE-2024-31719 Link
- Vulnerability Type: Incorrect Access Control
- Vendoer of Product: American Megatrends International, LLC.
- Product: AMI Aptio - 5
- Atack Type: Local
The attacker can easily bypass the NvLock module's access protection for NVRAM.
Once the protection is bypassed, it is effortless to modify all variables stored in NVRAM, including the administrator password.
