CVE-2024-25561 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
intel	CNA	6.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Affected Products (NVD)

Vendor	Product	Version
intel	hid_event_filter_driver	𝑥 < 2.2.2.1
intel	nuc_m15_laptop_kit_lapbc510_firmware	-
intel	nuc_m15_laptop_kit_lapbc710_firmware	-
intel	nuc_m15_laptop_kit_laprc510_firmware	-
intel	nuc_m15_laptop_kit_laprc710_firmware	-
intel	nuc_x15_laptop_kit_lapac71g_firmware	-
intel	nuc_x15_laptop_kit_lapac71h_firmware	-
intel	nuc_x15_laptop_kit_lapkc51e_firmware	-
intel	nuc_x15_laptop_kit_lapkc71e_firmware	-
intel	nuc_x15_laptop_kit_lapkc71f_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-277 - Insecure Inherited Permissions
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01089.html