#VU50693 Untrusted search path in Intel products - CVE-2020-24450
Published: February 15, 2021 / Updated: June 21, 2021
Vulnerability identifier: #VU50693
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-24450
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel Server Board S1200SP
Intel Server Board S2600
Intel Server System MCB2208
Intel Server System R1208
Intel Server System R1304
Intel Server System R2208
Intel Server System R2224
Intel Server System R2308
Intel Server System R2312
Intel Server System VRN2208
Server Board Onboard Video Driver for Windows
Intel Server Board S1200SP
Intel Server Board S2600
Intel Server System MCB2208
Intel Server System R1208
Intel Server System R1304
Intel Server System R2208
Intel Server System R2224
Intel Server System R2308
Intel Server System R2312
Intel Server System VRN2208
Server Board Onboard Video Driver for Windows
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an untrusted search path in the installer. A local user can gain elevated prvileges on the target system.
Remediation
Install updates from vendor's website.