VDB
CVE-2024-39285
CVE-2024-39285
PUBLISHED
Es bestehen mehrere Schwachstellen in der Intel Firmware. Diese Fehler betreffen die UEFI-Firmware bestimmter Intel Server-Produkte aufgrund von unsachgemäßer Eingabevalidierung, Use-after-free-Fehlern und unzureichender Zugriffskontrolle. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um sich erweiterte Rechte zu verschaffen und vertrauliche Informationen preiszugeben. Um einige dieser Schwachstellen auszunutzen, muss ein Angreifer zusätzliche Maßnahmen ergreifen, oder er muss über erweiterte Rechte verfügen.
EPSS 0.06% · 17.8th percentile
Risk Scores
EPSS Score
0.06%
17.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Intel Firmware Server Board S2600BP Family | |
| HPE | HPE Synergy | |
| Intel | Intel Firmware Server Board M20NTP Family | |
| HPE | HPE ProLiant | |
| Intel | Intel Firmware Server Board M10JNP2SB Family | |
| Intel | Intel Firmware Server Board M70KLP Family <v01.04.0030 | |
| Dell | Dell BIOS Precision | |
| HP | HP Computer | |
| HP | HP Computer SimpliVity Server | |
| Dell | Dell PowerScale OneFS | |
| Intel | Intel Firmware Server Board S2600BPBR Family |
Exploit Intelligence
- CIRCL seen: CVE-2024-39285 (circl-sighting)
- CIRCL seen: CVE-2024-39285 (circl-sighting)
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01175.html (circl)
Timeline
- Nov 12, 2024 CVE Published
- Nov 13, 2024 Coalition ESS Score
- Nov 13, 2024 PoC Published
- Nov 14, 2024 EPSS Score
- Nov 14, 2024 PoC Published
- Nov 15, 2024 Coalition ESS Score
- Dec 3, 2024 EPSS Score
- Dec 20, 2024 EPSS Score
- Jan 7, 2025 EPSS Score
- Jan 24, 2025 EPSS Score
- Feb 11, 2025 EPSS Score
- Feb 11, 2025 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3418.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3418 advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01175.html advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01183.html advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-01085.html advisory
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04735en_us&docLocale=en_US advisory
- https://www.dell.com/support/kbdoc/de-de/000244457/dsa-2024-441 advisory
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04755en_us&docLocale=en_US advisory
- https://www.dell.com/support/kbdoc/000283880 advisory
- https://support.hp.com/de-de/document/ish_11946316-11946962-16/HPSBHF04003 advisory