Uncontrolled Search Path Vulnerability in Intel Processor Identification Utility
CVE-2024-21774

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Processor Identification Utility Software
Vendor: CVE Published:; 16 May 2024

What is CVE-2024-21774?

The uncontrolled search path vulnerability in Intel's Processor Identification Utility allows an authenticated user to manipulate the search path for resource loading. This can potentially lead to privilege escalation through local access, enabling the execution of unauthorized code with elevated privileges. Users of versions prior to 6.10.34.1129 and 7.1.6 are advised to update their software to mitigate exposure to this security risk.

Affected Version(s)

Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Jan 2, 2024

JSON