Analysis Summary

CVE-2024-40885 CVSS:6.4

Intel Server M20NTP BIOS could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in UEFI firmware. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-37181 CVSS:2.6

Intel Neural Compressor Software could allow a remote attacker to obtain sensitive information caused by Time-of-check time-of-use race conditions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.

CVE-2024-34022 CVSS:6.7

Intel Thunderbolt Share could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to escalate privilege.

CVE-2024-33611 CVSS:3.4

Intel PROSet/Wireless WiFi software for Windows is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Impact

• Privilege Escalation
• Denial of Service
• Gain Access

Indicators of Compromise

CVE

• CVE-2024-40885

• CVE-2024-37181

• CVE-2024-34022

• CVE-2024-33611

Affected Vendors

Affected Products

• Intel Neural Compressor software
• Intel Wi-Fi 6E AX210 (TyP2)
• Intel Killer Wi-Fi AX1675x/w2
• Intel Server M20NTP BIOS
• Intel Thunderbolt Share Software
• Intel Wi-Fi 6 AX200 (CcP2)
• Intel Killer Wi-Fi AX1650x/w2

Remediation

Refer to Intel Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-40885

CVE-2024-37181

CVE-2024-34022

CVE-2024-33611