#VU104036 Input validation error in Intel products - CVE-2024-24582
Published: February 18, 2025
Vulnerability identifier: #VU104036
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-24582
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
UEFI firmware
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
13th Generation Intel Core Processors
Intel Core Ultra family
UEFI firmware
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
13th Generation Intel Core Processors
Intel Core Ultra family
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in XmlCli feature. A local administrator can pass specially crafted input to the application and gain elevated privileges.
Remediation
Install updates from vendor's website.