Description:
Fixes several critical vulnerabilities in the specified BIOS versions, preventing damage from exploitation of those vulnerabilities.
OnLogic Security Advisory ID: OL-2025-0A0101
Type: Advisory
Fixed Vulnerabilities:
Vulnerability | Description | CVSS | CVSS Vector | Found version | Fixed version |
---|---|---|---|---|---|
CVE-2023-23583 | Prevent an authenticated user from potentially enabling escalation of privilege and/or information disclosure and/or denial of service via local access. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
CVE-2023-39539, CVE-2023-39538 | Fix potential risk when using a PNG/BMP logo | 7.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
CVE-2023-39537, CVE-2023-39536, CVE-2023-39535, CVE-2023-34470 | Fix potential risk when using the local network | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
CVE-2022-29974 | Fix AMI NTFS driver buffer overflow issue. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
CVE-2024-45332 | Fix potential risk | 5.7 | CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
CVE-2024-31068, CVE-2023-39368, CVE-2023-38575 | Prevent potential denial of service or information disclosure via local access. | 5.3-6.5 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
CVE-2024-23984 | Prevent a privileged user from potentially enabling information disclosure via local access. | 6.8 | CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
CVE-2023-22655 | Prevent a privileged user from potentially enabling escalation of privilege via local access. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
CVE-2023-34469 | Fix AMI AptioV issue to prevent loss of confidentiality | 4.6 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | AX301-A01-P_10.01.ROM | AX301-A01-P_10.02.ROM |
First Public Date: 2025/06/13
Last Update Date: 2025/06/13
Affected Products:
Update the BIOS to version AX301-A01-P_10.02.ROM.