Multiple vulnerabilities in Intel Chipset Firmware



Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2024-38307, CVE-2024-30211, CVE-2024-26021
CWE-ID: CWE-20, CWE-284, CWE-665
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Converged Security and Management Engine (CSME)
Hardware solutions / Firmware

Intel Active Management Technology
Hardware solutions / Firmware

Intel C420 Chipset
Hardware solutions / Firmware

Intel X299 Chipset
Hardware solutions / Firmware

Intel C620 Series Chipset
Hardware solutions / Firmware

8th Gen Intel Core processor
Hardware solutions / Firmware

Intel 100 Series Chipset
Hardware solutions / Firmware

Intel 200 Series Chipset
Hardware solutions / Firmware

Intel C230 series chipset
Hardware solutions / Firmware

Intel C240 Series Chipset
Hardware solutions / Firmware

Intel 300 Series Chipset
Hardware solutions / Firmware

Pentium Gold processor series (G54XXU)
Hardware solutions / Firmware

Celeron processor 4000 series
Hardware solutions / Firmware

Intel Celeron N4000 Processors
Hardware solutions / Firmware

Intel Celeron processor J3000/N3000 series
Hardware solutions / Firmware

Intel Pentium Processor N4000 Series
Hardware solutions / Firmware

Intel Pentium Processor J4000 Series
Hardware solutions / Firmware

Intel Atom processor X E3900 series
Hardware solutions / Firmware

Intel 600 Series Chipset
Hardware solutions / Firmware

Intel W790 chipset
Hardware solutions / Firmware

Intel 700 series chipset
Hardware solutions / Firmware

Intel Celeron Processor J Series
Hardware solutions / Firmware

Celeron processor N series
Hardware solutions / Firmware

Intel Atom x6000E series
Hardware solutions / Firmware

C740 series chipset
Hardware solutions / Firmware

Intel 500 series chipset
Hardware solutions / Firmware

Intel C250 Series Chipset
Hardware solutions / Firmware

Intel 400 Series Chipset
Hardware solutions / Firmware

Intel Pentium Processor Silver Series
Hardware solutions / Firmware

10th Generation Intel Core Processors
Hardware solutions / Firmware

Intel Pentium processor N5000 series
Hardware solutions / Firmware

Intel Pentium processor J5000 series
Hardware solutions / Firmware

Standard Manageability (ISM)
Hardware solutions / Security hardware appliances

Intel Management Engine (ME) driver for Windows
Hardware solutions / Drivers

Intel Pentium Processor J Series
Hardware solutions / Other hardware appliances

Intel Pentium Processor N Series
Hardware solutions / Other hardware appliances

Vendor: Intel

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU104063

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38307

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Converged Security and Management Engine (CSME): All versions

Intel Active Management Technology: All versions

Standard Manageability (ISM): All versions

Intel C420 Chipset: All versions

Intel X299 Chipset: All versions

Intel C620 Series Chipset: All versions

8th Gen Intel Core processor: All versions

Intel 100 Series Chipset: All versions

Intel 200 Series Chipset: All versions

Intel C230 series chipset: All versions

Intel C240 Series Chipset: All versions

Intel 300 Series Chipset: All versions

Pentium Gold processor series (G54XXU): All versions

Celeron processor 4000 series: All versions

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU104075

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-30211

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Management Engine (ME) driver for Windows: All versions

Intel Celeron N4000 Processors: All versions

Intel Celeron processor J3000/N3000 series: All versions

Intel Pentium Processor N4000 Series: All versions

Intel Pentium Processor J4000 Series: All versions

Intel Atom processor X E3900 series: All versions

Intel 600 Series Chipset: All versions

Intel W790 chipset: All versions

Intel 700 series chipset: All versions

Intel Celeron Processor J Series: All versions

Celeron processor N series: All versions

Intel Pentium Processor J Series: All versions

Intel Pentium Processor N Series: All versions

Intel Atom x6000E series: All versions

C740 series chipset: All versions

Intel 500 series chipset: All versions

Intel C250 Series Chipset: All versions

Intel 400 Series Chipset: All versions

Intel Pentium Processor Silver Series: All versions

10th Generation Intel Core Processors: All versions

Celeron processor 4000 series: All versions

Pentium Gold processor series (G54XXU): All versions

Intel 300 Series Chipset: All versions

Intel C240 Series Chipset: All versions

Intel C230 series chipset: All versions

Intel 200 Series Chipset: All versions

Intel 100 Series Chipset: All versions

8th Gen Intel Core processor: All versions

Intel C620 Series Chipset: All versions

Intel X299 Chipset: All versions

Intel C420 Chipset: All versions

Intel Pentium processor N5000 series: All versions

Intel Pentium processor J5000 series: All versions

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Initialization

EUVDB-ID: #VU104071

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization. A local administrator can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Active Management Technology: All versions

Standard Manageability (ISM): All versions

Intel C420 Chipset: All versions

Intel X299 Chipset: All versions

Intel C620 Series Chipset: All versions

8th Gen Intel Core processor: All versions

Intel 100 Series Chipset: All versions

Intel 200 Series Chipset: All versions

Intel C230 series chipset: All versions

Intel C240 Series Chipset: All versions

Intel 300 Series Chipset: All versions

Pentium Gold processor series (G54XXU): All versions

Celeron processor 4000 series: All versions

Intel 400 Series Chipset: All versions

Intel C250 Series Chipset: All versions

Intel 500 series chipset: All versions

C740 series chipset: All versions

Intel 600 Series Chipset: All versions

Intel 700 series chipset: All versions

External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


