CVE-2024-33660 – This vulnerability allows an attacker with phys... (How to Fix)

Q: What is the severity of CVE-2024-33660?

CVE-2024-33660 has a CVSS score of 4.3 (MEDIUM). This vulnerability allows an attacker with physical access to manipulate SPI flash memory without detection, potentially compromising system integrity. It affects systems using vulnerable AMI firmware. The exploit requires physical proximity to the target device.

📋 TL;DR

This vulnerability allows an attacker with physical access to manipulate SPI flash memory without detection, potentially compromising system integrity. It affects systems using vulnerable AMI firmware. The exploit requires physical proximity to the target device.

💻 Affected Systems

Products:

AMI Aptio V UEFI firmware

Versions: Specific versions not detailed in advisory; check vendor documentation

Operating Systems: Any OS running on affected firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with AMI Aptio V UEFI firmware; physical access required

📦 What is this software?

Aptio V by Ami

View all CVEs affecting Aptio V →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker could install persistent malware, backdoors, or modify firmware to bypass security controls, leading to complete system compromise.

🟠

Likely Case

Malicious firmware modification enabling data theft, credential harvesting, or establishing persistence in environments with insufficient physical security.

🟢

If Mitigated

Limited impact due to strong physical security controls preventing unauthorized access to hardware.

🌐 Internet-Facing: LOW - This is a physical access vulnerability requiring direct hardware interaction.

🏢 Internal Only: MEDIUM - Internal attackers with physical access could exploit this, but requires bypassing physical security controls.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires physical access and SPI flash programming hardware/tools

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with hardware/OEM vendor for specific firmware updates

Vendor Advisory: https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf

Restart Required: Yes

Instructions:

1. Contact hardware/OEM vendor for firmware update 2. Backup system data 3. Apply firmware update following vendor instructions 4. Verify update completion and system functionality

🔧 Temporary Workarounds

Physical Security Controls

all

Implement strict physical access controls to prevent unauthorized hardware access

Secure Boot Enforcement

all

Enable and enforce Secure Boot to detect unauthorized firmware modifications

Enable in UEFI/BIOS settings

🧯 If You Can't Patch

Implement strict physical security: locked server rooms, access logs, surveillance
Use hardware security modules or TPM-based attestation to detect firmware tampering

🔍 How to Verify

Check if Vulnerable:

Check firmware vendor and version in UEFI/BIOS settings or using 'dmidecode' command

Check Version:

sudo dmidecode -t bios | grep -i version

Verify Fix Applied:

Verify firmware version after update matches vendor's patched version

📡 Detection & Monitoring

Log Indicators:

Unexpected system reboots
Secure Boot violations
Firmware update logs

Network Indicators:

None - this is physical access only

SIEM Query:

EventID 12 (System start) from unexpected times OR Secure Boot failure events

📊 Metadata

CVE ID: CVE-2024-33660

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-494

Published: November 12, 2024

Last Updated: October 2, 2025

🔗 References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-33660, you might also want to check these: