Cyber Resilience

CVE-2024-39805

High

Published: 12 February 2025

Published
12 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 11.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39805 is a high-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in Intel (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 11.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2024-39805 involves insufficient verification of data authenticity (CWE-345) in some Intel(R) DSA software versions before 23.4.39. This vulnerability, published on 2025-02-12T22:15:37.420, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity with local attack vector, high attack complexity, and significant impacts across confidentiality, integrity, and availability in a changed scope.

An authenticated user with low privileges (PR:L) can exploit this issue via local access, potentially enabling escalation of privilege. The high attack complexity (AC:H) requires specific conditions, but successful exploitation grants high-impact access without user interaction (UI:N), allowing the attacker to compromise the system's confidentiality, integrity, and availability with scope expansion.

Intel's security advisory at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01030.html addresses this vulnerability, recommending updates to Intel(R) DSA software version 23.4.39 or later to mitigate the insufficient data authenticity verification.

EU & UK References

Vulnerability details

Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via exploitation of insufficient data authenticity verification in Intel DSA software.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24807Shared CWE-345
CVE-2026-33243Shared CWE-345
CVE-2026-43534Shared CWE-345
CVE-2026-27510Shared CWE-345
CVE-2025-24903Shared CWE-345
CVE-2026-35051Shared CWE-345
CVE-2025-63910Shared CWE-345
CVE-2026-33143Shared CWE-345
CVE-2025-27680Shared CWE-345
CVE-2026-3012Shared CWE-345

Affected Assets

Intel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by requiring timely remediation of the flaw in Intel DSA software through updates to version 23.4.39 or later.

preventdetect

Requires software, firmware, and information integrity verification mechanisms to ensure data authenticity, directly addressing the insufficient verification flaw (CWE-345).

detect

Ensures receipt and implementation of security advisories like Intel-SA-01030 to identify and address the vulnerable Intel DSA software versions.

References