Cyber Posture

CVE-2024-29223

Medium

Published: 12 February 2025

Modified: 03 December 2025
CVSS Score: 6.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.6th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-29223 is a medium-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Intel QuickAssist Technology. Its CVSS base score is 6.7 (Medium).

Operationally, it is ranked at the 36.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Requires timely remediation of flaws, directly addressing the uncontrolled search path vulnerability through patching to Intel QuickAssist Technology software version 2.2.0 or later.

prevent, detect

Verifies integrity of software and firmware, preventing execution of malicious components loaded via the uncontrolled search path.

prevent

Enforces secure configuration settings for environment variables and search paths, restricting placement of malicious files in exploitable directories.

NVD Description

Uncontrolled search path for some Intel(R) QuickAssist Technology software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Deeper analysis

CVE-2024-29223 is an uncontrolled search path vulnerability (CWE-427) in some Intel QuickAssist Technology software versions before 2.2.0. This flaw may allow an authenticated user to potentially enable escalation of privilege via local access. The vulnerability carries a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating medium severity with high impacts across confidentiality, integrity, and availability.

Exploitation requires local access to the system and low-level privileges as an authenticated user, has high attack complexity, and depends on user interaction. Successful exploitation could enable privilege escalation, potentially granting higher-level access and compromising the system's security.

Intel's security advisory INTEL-SA-01124 provides details on the issue and mitigation steps, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01124.html. Updating to Intel QuickAssist Technology software version 2.2.0 or later addresses the vulnerability.

Details

CWE(s): CWE-427

Affected Products

intel quickassist technology ≤ 2.2.0-0012

CVEs Like This One

CVE-2024-31858 - Same product: Intel QuickAssist Technology
CVE-2025-24299 - Same vendor: Intel
CVE-2026-3775 - Shared CWE-427
CVE-2026-5397 - Shared CWE-427
CVE-2025-24998 - Shared CWE-427
CVE-2024-9497 - Shared CWE-427
CVE-2026-25655 - Shared CWE-427
CVE-2026-29610 - Shared CWE-427
CVE-2024-57963 - Shared CWE-427
CVE-2024-9499 - Shared CWE-427
