CVE-2024-36276 — Insecure Inherited Permissions in Intel Computing Improvement Program

CWE-277 — Insecure Inherited Permissions CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 67.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Computing Improvement Program

Timeline

PublishedNov 13

Description

Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

▶NVDintel/computing_improvement_program< 2.4.10852

Patches

Patch: www.intel.com ↗

🔴Vulnerability Details

CVEList

CVE-2024-36276: Insecure inherited permissions for some Intel(R) CIP software before version 2↗2024-11-13

▶

GHSA

GHSA-x3rw-xr73-fq7h: Insecure inherited permissions for some Intel(R) CIP software before version 2↗2024-11-13

▶