Cyber Resilience

CVE-2024-37355

High · LPE

Published: 12 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score (v4): 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0004 (12.8th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-37355 is a high-severity Improper Access Control (CWE-284) vulnerability affecting Intel software (vendor inferred from references). Its CVSS v4 base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 12.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2024-37355 is an improper access control vulnerability, classified under CWE-284, affecting some Intel(R) Graphics software. Published on 2025-02-12T22:15:35.330, it has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An authenticated user with local access and low privileges can exploit this vulnerability with low attack complexity and no user interaction. Successful exploitation enables escalation of privilege, with high impact on confidentiality, integrity, and availability and a changed scope.

The Intel security advisory provides details on mitigation; see https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html for patches and recommended actions.

Vulnerability details

Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE(s)

CWE-284 (Improper Access Control)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local improper access control vulnerability directly enables exploitation for privilege escalation to high-impact access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-48898 (shared CWE-284)
CVE-2026-25176 (shared CWE-284)
CVE-2026-48899 (shared CWE-284)
CVE-2026-37526 (shared CWE-284)
CVE-2024-56883 (shared CWE-284)
CVE-2026-42823 (shared CWE-284)
CVE-2026-0844 (shared CWE-284)
CVE-2026-41086 (shared CWE-284)
CVE-2026-35242 (shared CWE-284)
CVE-2026-33834 (shared CWE-284)

Affected Assets

Intel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Enforces approved authorizations for access to system resources, directly mitigating the improper access control that enables privilege escalation in Intel Graphics software.

Prevent: Applies the least privilege principle to restrict user access, preventing low-privilege authenticated users from escalating privileges via the vulnerability.

Prevent: Requires timely identification and remediation of flaws such as this improper access control vulnerability, through patching as recommended in the Intel advisory.

References