Privilege Escalation Vulnerability in UEFI Firmware for Intel Server M50FCP Family
CVE-2024-24981

7.5HIGH

Key Information:

Vendor: Intel Corporation
Status: Uefi Firmware For Some Intel(r) Server M50fcp Family Products
Vendor: CVE Published:; 16 May 2024

🔔 Create Intel Corporation Vulnerability Alert

What is CVE-2024-24981?

A security flaw has been identified in the PfrSmiUpdateFw driver within the UEFI firmware of the Intel Server M50FCP Family products. This vulnerability stems from inadequate input validation, potentially allowing a privileged user to exploit local access for privilege escalation. Administrators of affected systems are advised to apply relevant patches or mitigations to safeguard against potential attacks that leverage this flaw.

Affected Version(s)

UEFI firmware for some Intel(R) Server M50FCP Family products See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Feb 8, 2024