Uncontrolled Search Path Vulnerability in Intel Server M50FCP BIOS and Firmware
CVE-2024-42492

5.4MEDIUM

Key Information:

Vendor: Intel
Status: BiOS And System Firmware Update Package For Intel(r) Server M50fcp Family
Vendor: CVE Published:; 12 February 2025

Summary

An uncontrolled search path vulnerability exists in the BIOS and System Firmware Update Package for the Intel Server M50FCP family prior to version R01.02.0002. This flaw allows a privileged user with local access to potentially escalate their privileges, thereby gaining unauthorized access to sensitive system components. It is crucial for users of affected systems to apply the latest firmware updates to mitigate this risk. For further details, please refer to Intel's advisory.

Affected Version(s)

BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Aug 15, 2024