CVE-2024-28952

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Nov 13, 2024

Updated: Nov 15, 2024

CWE ID 427

Summary

CVE-2024-28952 is a recently disclosed vulnerability affecting Intel(R) IPP software for Windows before version 2021.12.0. This issue grants authenticated users an unchecked search path, potentially enabling privilege escalation through local access. The vulnerability could allow attackers to gain elevated permissions, increasing the risk of data theft or unauthorized system changes. Intel has released a patch to address this issue, and users are strongly encouraged to install it to mitigate the risk. The specifics of the vulnerability involve the software's failure to properly check user-supplied search paths, creating an opportunity for privilege escalation attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners

CVE-2024-28952

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations