

MassLogger Malware – Active IOCs
January 9, 2025
Agent Tesla Malware – Active IOCs
January 10, 2025
MassLogger Malware – Active IOCs
January 9, 2025
Agent Tesla Malware – Active IOCs
January 10, 2025Severity
Medium
Analysis Summary
CVE-2024-37027 CVSS:6.1
Intel VTune Profiler software is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-34167 CVSS:6.7
Intel Server Board S2600ST Family BIOS and Firmware Update software could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.
CVE-2024-36276 CVSS:6.7
Intel CIP software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an insecure inherited permissions flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-36253 CVSS:6.7
Intel SDP Tool for Windows software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search paths flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-35201 CVSS:6.7
Intel SDP Tool for Windows software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permissions flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-37024 CVSS:6.7
Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-37027
- CVE-2024-34167
- CVE-2024-36276
- CVE-2024-36253
- CVE-2024-35201
- CVE-2024-37024
Affected Vendors
Affected Products
- Intel VTune Profiler
- Intel CIP software
- Intel Server Board S2600ST Family BIOS and Firmware Update software
- Intel SDP Tool for Windows software
- Intel ACAT Software
Remediation
Refer to INTEL Security Advisory for patch, upgrade, or suggested workaround information.