Multiple vulnerabilities in Intel Chipset Firmware
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-38307 CVE-2024-30211 CVE-2024-26021 |
| CWE-ID | CWE-20 CWE-284 CWE-665 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Converged Security and Management Engine (CSME) Hardware solutions / Firmware Intel Active Management Technology Hardware solutions / Firmware Intel C420 Chipset Hardware solutions / Firmware Intel X299 Chipset Hardware solutions / Firmware Intel C620 Series Chipset Hardware solutions / Firmware 8th Gen Intel Core processor Hardware solutions / Firmware Intel 100 Series Chipset Hardware solutions / Firmware Intel 200 Series Chipset Hardware solutions / Firmware Intel C230 series chipset Hardware solutions / Firmware Intel C240 Series Chipset Hardware solutions / Firmware Intel 300 Series Chipset Hardware solutions / Firmware Pentium Gold processor series (G54XXU) Hardware solutions / Firmware Celeron processor 4000 series Hardware solutions / Firmware Intel Celeron N4000 Processors Hardware solutions / Firmware Intel Celeron processor J3000/N3000 series Hardware solutions / Firmware Intel Pentium Processor N4000 Series Hardware solutions / Firmware Intel Pentium Processor J4000 Series Hardware solutions / Firmware Intel Atom processor X E3900 series Hardware solutions / Firmware Intel 600 Series Chipset Hardware solutions / Firmware Intel W790 chipset Hardware solutions / Firmware Intel 700 series chipset Hardware solutions / Firmware Intel Celeron Processor J Series Hardware solutions / Firmware Celeron processor N series Hardware solutions / Firmware Intel Atom x6000E series Hardware solutions / Firmware C740 series chipset Hardware solutions / Firmware Intel 500 series chipset Hardware solutions / Firmware Intel C250 Series Chipset Hardware solutions / Firmware Intel 400 Series Chipset Hardware solutions / Firmware Intel Pentium Processor Silver Series Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware Intel Pentium processor N5000 series Hardware solutions / Firmware Intel Pentium processor J5000 series Hardware solutions / Firmware Standard Manageability (ISM) Hardware solutions / Security hardware applicances Intel Management Engine (ME) driver for Windows Hardware solutions / Drivers Intel Pentium Processor J Series Hardware solutions / Other hardware appliances Intel Pentium Processor N Series Hardware solutions / Other hardware appliances |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU104063
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38307
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsConverged Security and Management Engine (CSME): All versions
Intel Active Management Technology: All versions
Standard Manageability (ISM): All versions
Intel C420 Chipset: All versions
Intel X299 Chipset: All versions
Intel C620 Series Chipset: All versions
8th Gen Intel Core processor: All versions
Intel 100 Series Chipset: All versions
Intel 200 Series Chipset: All versions
Intel C230 series chipset: All versions
Intel C240 Series Chipset: All versions
Intel 300 Series Chipset: All versions
Pentium Gold processor series (G54XXU): All versions
Celeron processor 4000 series: All versions
CPE2.3- cpe:2.3:h:intel:csme:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_active_management_technology:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_ism:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c420_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_x299_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c620_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_100_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_200_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c230_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c240_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_300_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:pentium_gold_processor_series_g54xxu:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:celeron_processor_4000_series:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU104075
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-30211
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Management Engine (ME) driver for Windows: All versions
Intel Celeron N4000 Processors: All versions
Intel Celeron processor J3000/N3000 series: All versions
Intel Pentium Processor N4000 Series: All versions
Intel Pentium Processor J4000 Series: All versions
Intel Atom processor X E3900 series: All versions
Intel 600 Series Chipset: All versions
Intel W790 chipset: All versions
Intel 700 series chipset: All versions
Intel Celeron Processor J Series: All versions
Celeron processor N series: All versions
Intel Pentium Processor J Series: All versions
Intel Pentium Processor N Series: All versions
Intel Atom x6000E series: All versions
C740 series chipset: All versions
Intel 500 series chipset: All versions
Intel C250 Series Chipset: All versions
Intel 400 Series Chipset: All versions
Intel Pentium Processor Silver Series: All versions
10th Generation Intel Core Processors: All versions
Celeron processor 4000 series: All versions
Pentium Gold processor series (G54XXU): All versions
Intel 300 Series Chipset: All versions
Intel C240 Series Chipset: All versions
Intel C230 series chipset: All versions
Intel 200 Series Chipset: All versions
Intel 100 Series Chipset: All versions
8th Gen Intel Core processor: All versions
Intel C620 Series Chipset: All versions
Intel X299 Chipset: All versions
Intel C420 Chipset: All versions
Intel Pentium processor N5000 series: All versions
Intel Pentium processor J5000 series: All versions
CPE2.3- cpe:2.3:h:intel:intel_management_engine_me_driver_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_n4000_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processor_j3000_n3000_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processor_n4000_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processor_j4000_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_atom_processor_x_e3900_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_600_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_w790_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_700_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processor_j_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:celeron_processor_n_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processor_j_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processor_n_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_atom_x6000e_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:c740_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_500_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c250_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_400_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processor_silver_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:celeron_processor_4000_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:pentium_gold_processor_series_g54xxu:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_300_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c240_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c230_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_200_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_100_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c620_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_x299_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c420_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processor_n5000_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processor_j5000_series:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Initialization
EUVDB-ID: #VU104071
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26021
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization. A local administrator can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Active Management Technology: All versions
Standard Manageability (ISM): All versions
Intel C420 Chipset: All versions
Intel X299 Chipset: All versions
Intel C620 Series Chipset: All versions
8th Gen Intel Core processor: All versions
Intel 100 Series Chipset: All versions
Intel 200 Series Chipset: All versions
Intel C230 series chipset: All versions
Intel C240 Series Chipset: All versions
Intel 300 Series Chipset: All versions
Pentium Gold processor series (G54XXU): All versions
Celeron processor 4000 series: All versions
Intel 400 Series Chipset: All versions
Intel C250 Series Chipset: All versions
Intel 500 series chipset: All versions
C740 series chipset: All versions
Intel 600 Series Chipset: All versions
Intel 700 series chipset: All versions
CPE2.3- cpe:2.3:h:intel:intel_active_management_technology:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_ism:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c420_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_x299_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c620_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_100_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_200_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c230_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c240_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_300_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:pentium_gold_processor_series_g54xxu:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:celeron_processor_4000_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_400_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c250_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_500_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:c740_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_600_series_chipset:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_700_series_chipset:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
