#VU96256 Input validation error in Intel products - CVE-2024-34163


Vulnerability identifier: #VU96256

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-34163

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel NUC X15 Laptop Kit - LAPAC71G
Hardware solutions / Firmware
Intel NUC X15 Laptop Kit - LAPAC71H
Hardware solutions / Firmware
Intel NUC M15 Laptop Kit - LAPBC510
Hardware solutions / Firmware
Intel NUC M15 Laptop Kit - LAPBC710
Hardware solutions / Firmware
Intel NUC M15 Laptop Kit - LAPRC510
Hardware solutions / Firmware
Intel NUC M15 Laptop Kit - LAPRC710
Hardware solutions / Firmware
Intel NUC X15 Laptop Kit - LAPKC51E
Hardware solutions / Firmware
Intel NUC X15 Laptop Kit - LAPKC71E
Hardware solutions / Firmware
Intel NUC X15 Laptop Kit - LAPKC71F
Hardware solutions / Firmware

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel NUC X15 Laptop Kit - LAPAC71G: before ACADL357.0065

Intel NUC X15 Laptop Kit - LAPAC71H: before ACADL357.0065

Intel NUC M15 Laptop Kit - LAPBC510: before BCTGL357.0083

Intel NUC M15 Laptop Kit - LAPBC710: before BCTGL357.0083

Intel NUC M15 Laptop Kit - LAPRC510: before RCADL357.0066

Intel NUC M15 Laptop Kit - LAPRC710: before RCADL357.0066

Intel NUC X15 Laptop Kit - LAPKC51E: before KCTGL357.0048

Intel NUC X15 Laptop Kit - LAPKC71E: before KCTGL357.0048

Intel NUC X15 Laptop Kit - LAPKC71F: before KCTGL357.0048

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01022.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Intel NUC BIOS firmware