Privilege Escalation Vulnerability in Intel UEFI Firmware for Server D50DNP Products
CVE-2024-23487

7.5HIGH

Key Information:

Vendor: Intel
Status: Uefi Firmware For Some Intel(r) Server D50dnp Family Products
Vendor: CVE Published:; 16 May 2024

Summary

A vulnerability exists in the UserAuthenticationSmm driver within the UEFI firmware of certain Intel® Server D50DNP Family products. This flaw stems from improper input validation, potentially allowing a privileged user with local access to execute actions that could escalate their privileges within the system. Exploiting this vulnerability may grant unauthorized control over critical system functionalities, jeopardizing the security posture of the affected systems. Users and administrators are urged to apply recommended patches and updates to mitigate the risks associated with this identified vulnerability.

Affected Version(s)

UEFI firmware for some Intel(R) Server D50DNP Family products See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Feb 8, 2024