Uncontrolled Search Path Issue in Intel IPP Cryptography Software
CVE-2024-21784

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Ipp Cryptography Software
Vendor: CVE Published:; 14 August 2024

What is CVE-2024-21784?

The vulnerability presents an uncontrolled search path issue in Intel IPP Cryptography software, potentially enabling an authenticated user to escalate privileges through local access. Users with access to the affected versions may exploit this vulnerability to gain elevated rights, which could lead to unauthorized actions within the system. Adhering to recommended security practices and promptly updating to the latest versions can help mitigate risks associated with this issue. For detailed information, refer to the advisory from Intel.

Affected Version(s)

Intel(R) IPP Cryptography software before version 2021.11

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Mar 15, 2024