Severity
High
Analysis Summary
CVE-2024-32483 CVSS:8.2
Intel Endpoint Management Assistant software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-39368 CVSS:8
Intel Neural Compressor Software is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2024-41167 CVSS:7.5
Intel Server Board M10JNP2SB Family could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in UEFI firmware. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-36284 CVSS:7.1
Intel Neural Compressor Software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-39609 CVSS:7.5
Intel Server Board M70KLP could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control in UEFI firmware. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-31154 CVSS:7.5
Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-24985 CVSS:7.2
Intel Xeon Processor Scalable Family could allow a local authenticated attacker to gain elevated privileges on the system, caused by exposure of resource to wrong sphere. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-39766 CVSS:7
Intel Neural Compressor Software is vulnerable to SQL injection. A local attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2024-31158 CVSS:7.5
Intel Server Board S2600BP Family could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in UEFI firmware. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Data Manipulation
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-32483
- CVE-2024-39368
- CVE-2024-41167
- CVE-2024-36284
- CVE-2024-39609
- CVE-2024-31154
- CVE-2024-24985
- CVE-2024-39766
- CVE-2024-31158
Affected Vendors
Affected Products
- Intel Neural Compressor Software 2.4.1
- Intel Server Board S2600BP Family
- Intel Neural Compressor software
- Intel Endpoint Management Assistant software
- Intel 4th Generation Xeon Processor Scalable Family
- Intel 5th Generation Xeon Processor Scalable Family
- Intel Server Board M10JNP2SB Family
- Intel Server Board M70KLP
- Intel Server S2600BPBR
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.