CVE-2024-24981

{"id": "CVE-2024-24981", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2024-05-16T21:16:07.970", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access."}, {"lang": "es", "value": " La validaci\u00f3n de entrada incorrecta en el controlador PfrSmiUpdateFw en el firmware UEFI para algunos productos de la familia Intel(R) Server M50FCP puede permitir que un usuario privilegiado habilite la escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2024-11-21T09:00:04.970", "sourceIdentifier": "secure@intel.com"}