CVE-2024-28947

EPSS 0.08%
Published 14.08.2024 14:15:26
Last modified 12.09.2024 18:52:38
Source secure@intel.com
Teams watchlist Login
Open Login

Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Intel ≫ Server Board S2600st Firmware Version < 02.01.0017

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.235

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
secure@intel.com	7.1	0	0	CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
secure@intel.com	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-28947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-28947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-28947

EUVD