Severity
Medium
Analysis Summary
CVE-2024-40885 CVSS:6.4
Intel Server M20NTP BIOS could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in UEFI firmware. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-37181 CVSS:2.6
Intel Neural Compressor Software could allow a remote attacker to obtain sensitive information caused by Time-of-check time-of-use race conditions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2024-34022 CVSS:6.7
Intel Thunderbolt Share could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-33611 CVSS:3.4
Intel PROSet/Wireless WiFi software for Windows is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Privilege Escalation
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
CVE-2024-40885
CVE-2024-37181
CVE-2024-34022
CVE-2024-33611
Affected Vendors
Affected Products
- Intel Neural Compressor software
- Intel Wi-Fi 6E AX210 (TyP2)
- Intel Killer Wi-Fi AX1675x/w2
- Intel Server M20NTP BIOS
- Intel Thunderbolt Share Software
- Intel Wi-Fi 6 AX200 (CcP2)
- Intel Killer Wi-Fi AX1650x/w2
Remediation
Refer to Intel Security Advisory for patch, upgrade, or suggested workaround information.