CVE-2024-33221
High
Published: 22 May 2024
Published
22 May 2024
Modified
15 April 2026
KEV Added
—
Patch
—
CVSS Score v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.0012
31.1th percentile
Risk Priority
16
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-33221 is a high-severity Exposed IOCTL with Insufficient Access Control (CWE-782) vulnerability. Its CVSS base score is 7.8 (High).
Operationally, ranked at the 31.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30966
Vulnerability details
An issue in the component AsusBSItf.sys of ASUSTeK Computer Inc ASUS BIOS Flash Driver v3.2.12.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.