CVE-2024-38383
Medium
Published: 13 November 2024
Published
13 November 2024
Modified
04 February 2025
KEV Added
—
Patch
—
CVSS Score v4
5.4
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score
0.0020
41.9th percentile
Risk Priority
11
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-38383 is a medium-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Intel Quartus Prime. Its CVSS base score is 5.4 (Medium).
Operationally, ranked at the 41.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37290
Vulnerability details
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
intel
quartus prime
≤ 24.2
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.