{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23980", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2024-03-11T03:00:02.425Z", "datePublished": "2024-05-16T20:46:59.941Z", "dateUpdated": "2024-08-20T15:00:07.103Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-05-16T20:46:59.941Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "cweId": "CWE-119", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "UEFI firmware for some Intel(R) Server D50FCP Family products", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.559Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "intel", "product": "server_system_d50tnp2mhsvac_firmware", "cpes": ["cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-21T15:53:01.917628Z", "id": "CVE-2024-23980", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T15:00:07.103Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.559Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-21T15:53:01.917628Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:-:*:*:*:*:*:*:*"], "vendor": "intel", "product": "server_system_d50tnp2mhsvac_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T14:42:02.585Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "UEFI firmware for some Intel(R) Server D50FCP Family products", "versions": [{"status": "affected", "version": "See references"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"}], "descriptions": [{"lang": "en", "value": "Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-05-16T20:46:59.941Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23980", "state": "PUBLISHED", "dateUpdated": "2024-08-20T15:00:07.103Z", "dateReserved": "2024-03-11T03:00:02.425Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2024-05-16T20:46:59.941Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access."}, {"lang": "es", "value": " Las restricciones del b\u00fafer inadecuadas en el controlador PlatformPfrDxe en el firmware UEFI para algunos productos de la familia Intel(R) Server D50FCP pueden permitir que un usuario privilegiado habilite la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2024-23980", "lastModified": "2024-11-21T08:58:46.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2024-05-16T21:16:07.757", "references": [{"source": "secure@intel.com", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "secure@intel.com", "type": "Secondary"}]}

{}