CVE-2024-37355
Published: 12 February 2025
Summary
CVE-2024-37355 is a high-severity Improper Access Control (CWE-284) vulnerability in Intel software (vendor inferred from references). Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 12.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2024-37355 is an improper access control vulnerability, classified under CWE-284, affecting some Intel(R) Graphics software. Published on 2025-02-12T22:15:35.330, it has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An authenticated user with local access and low privileges can exploit this vulnerability with low attack complexity and no user interaction. Successful exploitation enables escalation of privilege, with high impact on confidentiality, integrity, and availability and a changed scope.
The Intel security advisory provides details on mitigation; see https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html for patches and recommended actions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4930
Vulnerability details
Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.
- CWE(s): CWE-284 (Improper Access Control)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local improper access control vulnerability directly enables exploitation for privilege escalation to high-impact access.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Enforces approved authorizations for access to system resources, directly mitigating the improper access control that enables privilege escalation in Intel Graphics software.
- Applies least privilege principle to restrict user access, preventing low-privilege authenticated users from escalating privileges via the vulnerability.
- Requires timely identification and remediation of flaws like this improper access control vulnerability through patching as recommended in the Intel advisory.