- 332/2024
- High
Intel has released security updates to address several vulnerabilities affecting multiple Intel products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected systems.
Samples of the addressed vulnerabilities:
1. Improper Access Control in the Intel® NUC Software Studio Service Software Vulnerability (CVE-2024-23498):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Improper Buffer Restrictions in the Intel® NUC Software Studio Service Software Vulnerability (CVE-2024-36483):
- CVSS: 5.5
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Intel® NUC Software Studio Service Software.
- Intel® NUC M15 Laptop Kits: LAPBC510, LAPBC710.
- Intel® NUC P14E Laptop Element: CMCN1CC.
Vulnerabilities
- CVE-2024-23197
- CVE-2024-34159
- CVE-2024-23498
- CVE-2024-36483
- CVE-2024-36297
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.