CVE-2024-28127
Published: 12 February 2025
Summary
CVE-2024-28127 is a high-severity Improper Input Validation (CWE-20) vulnerability in Intel (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-28127 is an improper input validation vulnerability, classified under CWE-20, affecting the UEFI firmware for some Intel(R) Processors. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity with local attack vector, high attack complexity, and requirements for high privileges.
The vulnerability can be exploited by a privileged user with local access, potentially enabling escalation of privilege. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, compounded by a change in scope that amplifies the consequences beyond the vulnerable component.
Intel's security advisory INTEL-SA-01139 provides details on the issue at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01139.html. Debian LTS has also issued an announcement related to this CVE at https://lists.debian.org/debian-lts-announce/2025/03/msg00021.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-25274
Vulnerability details
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation in UEFI firmware directly enables local privilege escalation via system firmware abuse (T1542.001) and general exploitation for privilege escalation (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly addresses the improper input validation (CWE-20) in UEFI firmware by requiring implementation of validation mechanisms at input points to block malicious inputs.
Mandates timely identification, reporting, and correction of flaws like CVE-2024-28127 through vendor patches from Intel's advisory.
Ensures integrity verification of UEFI firmware to prevent execution of vulnerable or tampered versions that could allow privilege escalation.