Skip to main content

Computing Improvement Program CVE-2024-36482

HIGH
Improper Input Validation (CWE-20)
2024-11-13 secure@intel.com
7.1
CVSS 4.0 · Vendor: intel
Share

Severity by source

Vendor (intel) PRIMARY
7.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (intel) · only source for this CVE.

CVSS VectorVendor: intel

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Nov 13, 2024 - 21:15 cve.org
HIGH 7.1

DescriptionCVE.org

Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.

AnalysisAI

Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. Affected products include: Intel Computing Improvement Program. Version information: version 2.4.10852.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-0074 HIGH
7.8 Jun 09

Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 ma

CVE-2021-0052 HIGH
7.8 Jun 09

Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenti

CVE-2020-8736 HIGH
7.8 Aug 13

Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an

CVE-2019-11162 HIGH
7.8 Aug 19

Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before ver

CVE-2018-12168 HIGH
7.8 Sep 12

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an

CVE-2020-12308 MEDIUM
6.5 Nov 12

Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged

CVE-2024-36276 MEDIUM
5.4 Nov 13

Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user t

CVE-2025-24863 MEDIUM
6.0 Nov 11

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Appl

CVE-2025-24862 LOW
2.0 Nov 11

Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within

CVE-2025-24847 MEDIUM
5.7 Nov 11

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applicat

CVE-2025-24838 HIGH
7.7 Nov 11

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Appl

CVE-2025-24834 MEDIUM
6.0 Nov 11

Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Appli

Share

CVE-2024-36482 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy