Improper Input Validation in UEFI Firmware of Intel Server D50DNP Family Products
CVE-2024-22382

7.5HIGH

Key Information:

Vendor: Intel
Status: Pprrequestlog Module In Uefi Firmware For Some Intel(r) Server D50dnp Family Products
Vendor: CVE Published:; 16 May 2024

What is CVE-2024-22382?

The vulnerability arises from improper input validation in the PprRequestLog module within the UEFI firmware of specific Intel Server D50DNP Family products. This flaw could allow a privileged user to exploit local access capabilities and escalate their privileges. Ensuring the integrity and security of firmware is essential in mitigating risks associated with unauthorized access and maintaining the overall security posture of affected systems. Organizations utilizing these Intel server products should review their systems for potential exposure and apply available patches promptly.

Affected Version(s)

PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Jan 24, 2024