CVE-2024-23980

{"id": "CVE-2024-23980", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2024-05-16T21:16:07.757", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access."}, {"lang": "es", "value": " Las restricciones del b\u00fafer inadecuadas en el controlador PlatformPfrDxe en el firmware UEFI para algunos productos de la familia Intel(R) Server D50FCP pueden permitir que un usuario privilegiado habilite la escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2024-11-21T08:58:46.757", "sourceIdentifier": "secure@intel.com"}