SB2024111431 - Multiple vulnerabilities in Intel DSA Software
Published: November 14, 2024 Updated: November 25, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper access control (CVE-ID: CVE-2024-36488)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the system.
2) Insecure Inherited Permissions (CVE-ID: CVE-2024-36294)
CWE-ID: CWE-277 - Insecure inherited permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure inherited permissions, which leads to security restrictions bypass and privilege escalation.
Remediation
Install update from vendor's website.