CVE-2024-31154

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 13, 2024

Updated: Nov 15, 2024

CWE ID 20

Summary

CVE-2024-31154 is a newly disclosed vulnerability affecting certain Intel(R) Server S2600BPBR systems. The issue lies in the UEFI firmware's input validation process, which is found to be insufficient. This flaw could potentially enable a privileged user to escalate their privileges through local access. The exact exploitation steps and required privileges are not yet clear, but the implications could pose a significant risk to cybersecurity if exploited. Intel is working on a patch to address this vulnerability and users are advised to apply it as soon as it becomes available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wM1dUn
https://www.cve.org/CVERecord?id=CVE-2024-31154
https://nvd.nist.gov/vuln/detail/CVE-2024-31154

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners

CVE-2024-31154

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations