Multiple F5 BIG-IP Products Vulnerabilities
August 20, 2024North Korean APT Kimsuky aka Black Banshee – Active IOCs
August 20, 2024Multiple F5 BIG-IP Products Vulnerabilities
August 20, 2024North Korean APT Kimsuky aka Black Banshee – Active IOCs
August 20, 2024Severity
High
Analysis Summary
CVE-2024-21801 CVSS:7.1
Intel TDX Module is vulnerable to a denial of service, caused by insufficient control flow management. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-24853 CVSS:7.2
Intel Processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM), By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-25576 CVSS:7.9
Intel Agilex FPGA 7 FPGA firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Denial of Service
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-21801
- CVE-2024-24853
- CVE-2024-25576
Affected Vendors
Affected Products
- Intel Xeon D Processors
- Intel 10th Generation Intel Core Processor Family
- Intel 3rd Generation Intel Xeon Scalable Processor Family
- Intel 3rd Gen Intel Xeon Scalable Processor Family
- Intel 11th Generation Intel Core Processor Family
- Intel Trust Domain Extensions (Intel® TDX) module software
- Intel 2nd Generation Intel Xeon Scalable processor family
- Intel Agilex FPGA 7 FPGA firmware
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.