Cyber Posture

CVE-2024-38307

High

Published: 12 February 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0007 (22.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access.

Security Summary

CVE-2024-38307 is an improper input validation vulnerability (CWE-20) in the firmware for some Intel AMT and Intel Standard Manageability components. It carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H), indicating high severity primarily due to its potential for denial of service.

An authenticated user with low privileges (PR:L) can exploit the vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation may allow the attacker to cause a denial of service with high availability impact (A:H). The scope is changed (S:C), meaning the impact can extend beyond the vulnerable component itself, and there is no confidentiality or integrity impact (C:N/I:N).

Intel Security Advisory INTEL-SA-01152 provides details on affected products and mitigation steps, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html.

Details

CWE(s)
CWE-20

References