CVE-2024-22095

{"id": "CVE-2024-22095", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.6}]}, "published": "2024-05-16T21:16:06.320", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "source": "secure@intel.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access."}, {"lang": "es", "value": " La validaci\u00f3n de entrada incorrecta en el controlador PlatformVariableInitDxe en el firmware UEFI para algunos productos de la familia Intel(R) Server D50DNP puede permitir que un usuario privilegiado habilite la escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2024-08-20T15:35:02.417", "sourceIdentifier": "secure@intel.com"}