{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-24981", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2024-02-08T04:00:11.996Z", "datePublished": "2024-05-16T20:46:59.400Z", "dateUpdated": "2024-08-20T14:44:12.176Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-05-16T20:46:59.400Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper Input Validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "UEFI firmware for some Intel(R) Server M50FCP Family products", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "affected": [{"vendor": "intel", "product": "intel_server_m50fcp_family", "cpes": ["cpe:2.3:a:intel:intel_server_m50fcp_family:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "*", "status": "affected"}]}, {"vendor": "intel", "product": "intel_server_d50fcp_family", "cpes": ["cpe:2.3:a:intel:intel_server_d50fcp_family:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "*", "status": "affected"}]}, {"vendor": "intel", "product": "server_board_s2600bp_firmware", "cpes": ["cpe:2.3:o:intel:server_board_s2600bp_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-23T17:33:48.980065Z", "id": "CVE-2024-24981", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T14:44:12.176Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:21.126Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:36:21.126Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-24981", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-23T17:33:48.980065Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:intel:intel_server_m50fcp_family:*:*:*:*:*:*:*:*"], "vendor": "intel", "product": "intel_server_m50fcp_family", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:intel:intel_server_d50fcp_family:*:*:*:*:*:*:*:*"], "vendor": "intel", "product": "intel_server_d50fcp_family", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:intel:server_board_s2600bp_firmware:-:*:*:*:*:*:*:*"], "vendor": "intel", "product": "server_board_s2600bp_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T17:29:36.029Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "UEFI firmware for some Intel(R) Server M50FCP Family products", "versions": [{"status": "affected", "version": "See references"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"}], "descriptions": [{"lang": "en", "value": "Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-05-16T20:46:59.400Z"}}}, "cveMetadata": {"cveId": "CVE-2024-24981", "state": "PUBLISHED", "dateUpdated": "2024-08-20T14:44:12.176Z", "dateReserved": "2024-02-08T04:00:11.996Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2024-05-16T20:46:59.400Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access."}, {"lang": "es", "value": " La validaci\u00f3n de entrada incorrecta en el controlador PfrSmiUpdateFw en el firmware UEFI para algunos productos de la familia Intel(R) Server M50FCP puede permitir que un usuario privilegiado habilite la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2024-24981", "lastModified": "2024-07-03T01:48:32.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2024-05-16T21:16:07.970", "references": [{"source": "secure@intel.com", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@intel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}