Hid Event Filter Driver
CVE-2024-25561
MEDIUM
Severity by source
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (intel) · only source for this CVE.
CVSS VectorVendor: intel
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
AnalysisAI
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-277. Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Affected products include: Intel Hid Event Filter Driver, Intel Nuc M15 Laptop Kit Lapbc510 Firmware, Intel Nuc M15 Laptop Kit Lapbc710 Firmware, Intel Nuc M15 Laptop Kit Laprc510 Firmware, Intel Nuc M15 Laptop Kit Laprc710 Firmware. Version information: version 2.2.2.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Hid Event Filter Driver
View allImproper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated
Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installa
Same weakness CWE-277 – Insecure Inherited Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today