CVE-2024-23487

{"id": "CVE-2024-23487", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2024-05-16T21:16:07.553", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en el controlador UserAuthenticationSmm en el firmware UEFI para algunos productos de la familia Intel(R) Server D50DNP puede permitir que un usuario privilegiado habilite la escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2024-11-21T08:57:48.820", "sourceIdentifier": "secure@intel.com"}