CVE-2024-38307
Published: 12 February 2025
Summary
CVE-2024-38307 is a high-severity Improper Input Validation (CWE-20) vulnerability in Intel (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 31.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-38307 is an improper input validation vulnerability (CWE-20) in the firmware for some Intel AMT and Intel Standard Manageability components. It carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H), indicating high severity primarily due to its potential for denial of service.
An authenticated user with low privileges (PR:L) can exploit the vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). Successful exploitation allows the attacker to potentially enable denial of service (A:H), with the impact amplified by a change in scope (S:C) to high availability disruption without confidentiality or integrity effects.
Intel Security Advisory INTEL-SA-01152 provides details on affected products and mitigation steps, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4939
Vulnerability details
Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper input validation in remote management firmware (Intel AMT) directly enables application/system exploitation resulting in denial of service (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces validation of network inputs to Intel AMT and Standard Manageability firmware, preventing exploitation of the improper input validation vulnerability.
Mandates timely patching of the specific flaw in Intel AMT firmware as detailed in Intel-SA-01152, eliminating the vulnerability.
Limits the effects of denial-of-service attacks exploitable via the firmware vulnerability, mitigating the high availability impact.