CVE-2024-39609

CWE-284 — Improper Access Control3 documents3 sources

Severity

8.7HIGH

EPSS

0.1%

top 71.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Server Board M70klp2sb Firmware

Timeline

PublishedNov 13

Description

Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶NVDintel/server_board_m70klp2sb_firmware< 01.04.0030

▶CVEListV5intel(r)_server_board_m70klpSee references

Patches

Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-w436-2x44-fv33: Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privile↗2024-11-13

▶

CVEList

CVE-2024-39609: Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privile↗2024-11-13

▶