Cyber Resilience

CVE-2024-28127

High

Published: 12 February 2025

Published
12 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 6.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-28127 is a high-severity Improper Input Validation (CWE-20) vulnerability in Intel (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-28127 is an improper input validation vulnerability, classified under CWE-20, affecting the UEFI firmware for some Intel(R) Processors. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity with local attack vector, high attack complexity, and requirements for high privileges.

The vulnerability can be exploited by a privileged user with local access, potentially enabling escalation of privilege. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, compounded by a change in scope that amplifies the consequences beyond the vulnerable component.

Intel's security advisory INTEL-SA-01139 provides details on the issue at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html. Debian LTS has also issued an announcement related to this CVE at https://lists.debian.org/debian-lts-announce/2025/03/msg00021.html.

EU & UK References

Vulnerability details

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
Why these techniques?

Improper input validation in UEFI firmware directly enables local privilege escalation via system firmware abuse (T1542.001) and general exploitation for privilege escalation (T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-33659Shared CWE-20
CVE-2024-0179Shared CWE-20
CVE-2024-24582Shared CWE-20
CVE-2024-21925Shared CWE-20
CVE-2025-21234Shared CWE-20
CVE-2025-48647Shared CWE-20
CVE-2025-25210Shared CWE-20
CVE-2026-21733Shared CWE-20
CVE-2026-7905Shared CWE-20
CVE-2026-7997Shared CWE-20

Affected Assets

Intel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the improper input validation (CWE-20) in UEFI firmware by requiring implementation of validation mechanisms at input points to block malicious inputs.

prevent

Mandates timely identification, reporting, and correction of flaws like CVE-2024-28127 through vendor patches from Intel's advisory.

preventdetect

Ensures integrity verification of UEFI firmware to prevent execution of vulnerable or tampered versions that could allow privilege escalation.

References