Vulnerability-Lookup

CVE-2024-28047 (GCVE-0-2024-28047)

Vulnerability from cvelistv5 – Published: 2025-02-12 21:19 – Updated: 2025-11-03 20:37

Summary

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Information Disclosure
CWE-20 - Improper Input Validation

Assigner

intel

References

2 references

URL	Tags
https://intel.com/content/www/us/en/security-cent…
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28047",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T15:04:18.370518Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T17:31:44.501Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:37:05.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-12T21:19:36.237Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html",
          "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2024-28047",
    "datePublished": "2025-02-12T21:19:36.237Z",
    "dateReserved": "2024-03-27T03:00:07.376Z",
    "dateUpdated": "2025-11-03T20:37:05.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-28047",
      "date": "2026-06-06",
      "epss": "0.0001",
      "percentile": "0.01141"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-28047\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2025-02-12T22:15:31.983\",\"lastModified\":\"2025-11-03T21:16:08.787\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.\"},{\"lang\":\"es\",\"value\":\"La validaci\u00f3n de entrada incorrecta en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html\",\"source\":\"secure@intel.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/03/msg00021.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:37:05.533Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-28047\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-13T15:04:18.370518Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-13T15:05:36.701Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html\", \"name\": \"https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Information Disclosure\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2025-02-12T21:19:36.237Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-28047\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:37:05.533Z\", \"dateReserved\": \"2024-03-27T03:00:07.376Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2025-02-12T21:19:36.237Z\", \"assignerShortName\": \"intel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2025-0323

Vulnerability from csaf_certbund - Published: 2025-02-11 23:00 - Updated: 2025-05-12 22:00

Summary

Intel Firmware: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in der Intel Firmware ausnutzen, um erweiterte Rechte zu erlangen, einen Denial of Service Zustand herbeizuführen oder vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme: - BIOS/Firmware

CVE-2024-21859

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2024-31155

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2023-34440

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2023-43758

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2024-24582

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2024-28047

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2024-28127

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2024-29214

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2024-31157

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2024-39279

Affected products

Known affected 15 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—

CVE-2024-25571

Affected products

Known affected 16 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
HP BIOS HP	`cpe:/h:hp:bios:-`	—
Intel Firmware Intel / Firmware	`cpe:/a:intel:firmware:-`	—
Dell PowerEdge <2.5.4 Dell / PowerEdge		<2.5.4
HPE Synergy HPE	`cpe:/h:hpe:synergy:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
HPE ProLiant HPE	`cpe:/h:hp:proliant:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Lenovo Computer Lenovo	`cpe:/h:lenovo:computer:-`	—
Fujitsu BIOS Fujitsu	`cpe:/a:fujitsu:bios:-`	—
Dell PowerEdge Dell / PowerEdge	`cpe:/h:dell:poweredge:-`	—
Intel Firmware SPS <SPS_E5_06.01.04.059.0 Intel / Firmware		SPS <SPS_E5_06.01.04.059.0

References

20 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.intel.com/content/www/us/en/security-…	external
https://www.intel.com/content/www/us/en/security-…	external
https://www.intel.com/content/www/us/en/security-…	external
https://www.dell.com/support/kbdoc/000239036	external
https://www.dell.com/support/kbdoc/de-de/00028389…	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://www.dell.com/support/kbdoc/de-de/00023684…	external
https://support.lenovo.com/us/en/product_security…	external
https://security.ts.fujitsu.com/ProductSecurity/c…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://ubuntu.com/security/notices/USN-7269-1	external
https://ubuntu.com/security/notices/USN-7269-2	external
https://alas.aws.amazon.com/AL2/ALAS-2025-2787.html	external
https://support.hp.com/us-en/document/ish_1208028…	external
https://lists.debian.org/debian-lts-announce/2025…	external
https://www.dell.com/support/kbdoc/000283929	external
https://access.redhat.com/errata/RHSA-2025:7043	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Firmware ist eine in die Ger\u00e4te fest eingebettete Software, die dort grundlegende Funktionen leistet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in der Intel Firmware ausnutzen, um erweiterte Rechte zu erlangen, einen Denial of Service Zustand herbeizuf\u00fchren oder vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0323 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0323.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0323 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0323"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-01198 vom 2025-02-11",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01198.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-01139 vom 2025-02-11",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-01120 vom 2025-02-11",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01120.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-005 vom 2025-02-12",
        "url": "https://www.dell.com/support/kbdoc/000239036"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-041 vom 2025-02-11",
        "url": "https://www.dell.com/support/kbdoc/de-de/000283897/dsa-2025-041-security-update-for-dell-poweredge-server-for-intel-2025-security-advisories-2025-1-ipu"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin HPESBHF04790 vom 2025-02-11",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04790en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-001 vom 2025-02-11",
        "url": "https://www.dell.com/support/kbdoc/de-de/000236844/dsa-2025-001"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-186850 vom 2025-02-12",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-186850"
      },
      {
        "category": "external",
        "summary": "Fujitsu PSIRT Security Advisories vom 2025-02-13",
        "url": "https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-FJ-ISS-2024-092000-Security-Advisory.asp?lng=com"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-C99F9D789A vom 2025-02-14",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-c99f9d789a"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-DD577CF35F vom 2025-02-14",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-dd577cf35f"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7269-1 vom 2025-02-17",
        "url": "https://ubuntu.com/security/notices/USN-7269-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7269-2 vom 2025-02-24",
        "url": "https://ubuntu.com/security/notices/USN-7269-2"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2025-2787 vom 2025-03-07",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2787.html"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF04010 vom 2025-01-29",
        "url": "https://support.hp.com/us-en/document/ish_12080286-12080322-16/HPSBHF04010"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4095 vom 2025-03-29",
        "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00021.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-042 vom 2025-04-04",
        "url": "https://www.dell.com/support/kbdoc/000283929"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:7043 vom 2025-05-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:7043"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Firmware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-05-12T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-13T11:01:02.556+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0323",
      "initial_release_date": "2025-02-11T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-02-11T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-02-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-02-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-02-23T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-03-09T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2025-03-30T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-04-03T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2025-05-12T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T036868",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Dell PowerEdge",
                "product": {
                  "name": "Dell PowerEdge",
                  "product_id": "T040784",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:poweredge:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.5.4",
                "product": {
                  "name": "Dell PowerEdge \u003c2.5.4",
                  "product_id": "T042387"
                }
              },
              {
                "category": "product_version",
                "name": "2.5.4",
                "product": {
                  "name": "Dell PowerEdge 2.5.4",
                  "product_id": "T042387-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:dell:poweredge:2.5.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerEdge"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fujitsu BIOS",
            "product": {
              "name": "Fujitsu BIOS",
              "product_id": "T027696",
              "product_identification_helper": {
                "cpe": "cpe:/a:fujitsu:bios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fujitsu"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP BIOS",
            "product": {
              "name": "HP BIOS",
              "product_id": "T033440",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:bios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HPE ProLiant",
            "product": {
              "name": "HPE ProLiant",
              "product_id": "T027705",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:proliant:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "HPE Synergy",
            "product": {
              "name": "HPE Synergy",
              "product_id": "T019820",
              "product_identification_helper": {
                "cpe": "cpe:/h:hpe:synergy:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Intel Firmware",
                "product": {
                  "name": "Intel Firmware",
                  "product_id": "T041011",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:intel:firmware:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "SPS \u003cSPS_E5_06.01.04.059.0",
                "product": {
                  "name": "Intel Firmware SPS \u003cSPS_E5_06.01.04.059.0",
                  "product_id": "T041012"
                }
              },
              {
                "category": "product_version",
                "name": "SPS SPS_E5_06.01.04.059.0",
                "product": {
                  "name": "Intel Firmware SPS SPS_E5_06.01.04.059.0",
                  "product_id": "T041012-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:intel:firmware:sps__sps_e5_06.01.04.059.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T033443",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Lenovo Computer",
            "product": {
              "name": "Lenovo Computer",
              "product_id": "T026557",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-21859",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-21859"
    },
    {
      "cve": "CVE-2024-31155",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-31155"
    },
    {
      "cve": "CVE-2023-34440",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-34440"
    },
    {
      "cve": "CVE-2023-43758",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2023-43758"
    },
    {
      "cve": "CVE-2024-24582",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-24582"
    },
    {
      "cve": "CVE-2024-28047",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-28047"
    },
    {
      "cve": "CVE-2024-28127",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-28127"
    },
    {
      "cve": "CVE-2024-29214",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-29214"
    },
    {
      "cve": "CVE-2024-31157",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-31157"
    },
    {
      "cve": "CVE-2024-39279",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-39279"
    },
    {
      "cve": "CVE-2024-25571",
      "product_status": {
        "known_affected": [
          "67646",
          "T036868",
          "T033443",
          "74185",
          "T033440",
          "T041011",
          "T042387",
          "T019820",
          "2951",
          "T027705",
          "T000126",
          "398363",
          "T026557",
          "T027696",
          "T040784",
          "T041012"
        ]
      },
      "release_date": "2025-02-11T23:00:00.000+00:00",
      "title": "CVE-2024-25571"
    }
  ]
}

WID-SEC-W-2025-1031

Vulnerability from csaf_certbund - Published: 2025-05-13 22:00 - Updated: 2025-05-15 22:00

Summary

Intel Server Board D50DNP und M50FCP: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in der Intel Server Board D50DNP und M50FCP Firmware ausnutzen, um seine Privilegien zu erhöhen und vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme: - BIOS/Firmware

CVE-2024-21829

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2024-21859

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2024-28047

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2024-31155

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2024-31157

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2025-20009

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2025-20034

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2025-20082

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2025-21094

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2025-21100

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

CVE-2025-24308

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Intel Firmware Server Board D50DNP <R01.02.0003 Intel / Firmware		Server Board D50DNP <R01.02.0003
Intel Firmware Server Board M50FCP <R01.02.0003 Intel / Firmware		Server Board M50FCP <R01.02.0003

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.intel.com/content/www/us/en/security-…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Firmware ist eine in die Ger\u00e4te fest eingebettete Software, die dort grundlegende Funktionen leistet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in der Intel Server Board D50DNP und M50FCP Firmware ausnutzen, um seine Privilegien zu erh\u00f6hen und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1031 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1031.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1031 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1031"
      },
      {
        "category": "external",
        "summary": "Intel Server Board D50DNP and M50FCP Firmware Advisory vom 2025-05-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Server Board D50DNP und M50FCP: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-05-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-16T07:45:35.953+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1031",
      "initial_release_date": "2025-05-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-15T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-14555, EUVD-2025-14522, EUVD-2025-14552"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Server Board D50DNP \u003cR01.02.0003",
                "product": {
                  "name": "Intel Firmware Server Board D50DNP \u003cR01.02.0003",
                  "product_id": "T043653"
                }
              },
              {
                "category": "product_version",
                "name": "Server Board D50DNP R01.02.0003",
                "product": {
                  "name": "Intel Firmware Server Board D50DNP R01.02.0003",
                  "product_id": "T043653-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:intel:firmware:server_board_d50dnp__r01.02.0003"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Server Board M50FCP \u003cR01.02.0003",
                "product": {
                  "name": "Intel Firmware Server Board M50FCP \u003cR01.02.0003",
                  "product_id": "T043654"
                }
              },
              {
                "category": "product_version",
                "name": "Server Board M50FCP R01.02.0003",
                "product": {
                  "name": "Intel Firmware Server Board M50FCP R01.02.0003",
                  "product_id": "T043654-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:intel:firmware:server_board_m50fcp__r01.02.0003"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-21829",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-21829"
    },
    {
      "cve": "CVE-2024-21859",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-21859"
    },
    {
      "cve": "CVE-2024-28047",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-28047"
    },
    {
      "cve": "CVE-2024-31155",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-31155"
    },
    {
      "cve": "CVE-2024-31157",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2024-31157"
    },
    {
      "cve": "CVE-2025-20009",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20009"
    },
    {
      "cve": "CVE-2025-20034",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20034"
    },
    {
      "cve": "CVE-2025-20082",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-20082"
    },
    {
      "cve": "CVE-2025-21094",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-21094"
    },
    {
      "cve": "CVE-2025-21100",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-21100"
    },
    {
      "cve": "CVE-2025-24308",
      "product_status": {
        "known_affected": [
          "T043653",
          "T043654"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-24308"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-28047 (GCVE-0-2024-28047)

WID-SEC-W-2025-0323

WID-SEC-W-2025-1031

Tags

Sightings

Nomenclature