CVE-2022-24379

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 79.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Server Board M70klp2sb Firmware Intel Server System M70klp4s2uhh Firmware

Timeline

PublishedNov 14

Description

Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5intel(r)_server_system_m70klp_family_bios_firmwarebefore version 01.04.0029

▶NVDintel/server_system_m70klp4s2uhh_firmware< 01.04.0022

▶NVDintel/server_board_m70klp2sb_firmware< 01.04.0022

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-24379: Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01↗2023-11-14

▶

GHSA

GHSA-px59-5w52-jv25: Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01↗2023-11-14

▶