Severity
High
Analysis Summary
CVE-2024-36482 CVSS:8.2
Intel CIP software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an improper input validation flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-34023 CVSS:8.4
Intel Graphics software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an untrusted pointer dereference flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-38665 CVSS:8.4
Intel Graphics software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-21820 CVSS:7.2
Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-23918 CVSS:8.8
Intel Xeon Processor could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper conditions check. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-36242 CVSS:8.8
Intel Processor (SPP) could allow a local authenticated attacker to gain elevated privileges on the system, caused by protection mechanism failure. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-28028 CVSS:7.5
Intel Neural Compressor Software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-32483 CVSS:8.2
Intel Endpoint Management Assistant software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-22185 CVSS:7.2
Intel Xeon Processor Scalable Family could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time-of-check time-of-use race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-36488 CVSS:7.3
Intel Driver Support Assistant could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-36284 CVSS:7.1
Intel Neural Compressor Software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-41167 CVSS:7.5
Intel Server Board M10JNP2SB Family could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in UEFI firmware. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-36482
- CVE-2024-34023
- CVE-2024-38665
- CVE-2024-21820
- CVE-2024-23918
- CVE-2024-36242
- CVE-2024-28028
- CVE-2024-32483
- CVE-2024-22185
- CVE-2024-36488
- CVE-2024-36284
- CVE-2024-41167
Affected Vendors
- Intel
Affected Products
- Intel Xeon D Processors
- Intel Xeon D Processor
- Intel CIP software
- Intel Graphics software
- Intel 5th Generation Intel Xeon Processor Scalable Family
- Intel 3rd Generation Intel Xeon Processor Scalable Family
- Intel Processor (SPP)
- Intel Neural Compressor software
- Intel Endpoint Management Assistant software
- Intel 4th Generation Xeon Processor Scalable Family
- Intel Driver Support Assistant
- Intel Server Board M10JNP2SB Family
Remediation
Refer to the Intel Security Advisory for patch, upgrade, or suggested workaround information.