Cyber Posture

CVE-2024-39805

High

Published: 12 February 2025

Published
12 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0004 10.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39805 is a high-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in Intel (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, ranked at the 10.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the vulnerability by requiring timely remediation of the flaw in Intel DSA software through updates to version 23.4.39 or later.

SI-7 Software, Firmware, and Information Integrity good match
preventdetect

Requires software, firmware, and information integrity verification mechanisms to ensure data authenticity, directly addressing the insufficient verification flaw (CWE-345).

SI-5 Security Alerts, Advisories, and Directives partial match
detect

Ensures receipt and implementation of security advisories like Intel-SA-01030 to identify and address the vulnerable Intel DSA software versions.

NVD Description

Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via local access.

Deeper analysisAI

CVE-2024-39805 involves insufficient verification of data authenticity (CWE-345) in some Intel(R) DSA software versions before 23.4.39. This vulnerability, published on 2025-02-12T22:15:37.420, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity with local attack vector, high attack complexity, and significant impacts across confidentiality, integrity, and availability in a changed scope.

An authenticated user with low privileges (PR:L) can exploit this issue via local access, potentially enabling escalation of privilege. The high attack complexity (AC:H) requires specific conditions, but successful exploitation grants high-impact access without user interaction (UI:N), allowing the attacker to compromise the system's confidentiality, integrity, and availability with scope expansion.

Intel's security advisory at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01030.html addresses this vulnerability, recommending updates to Intel(R) DSA software version 23.4.39 or later to mitigate the insufficient data authenticity verification.

Details

CWE(s)
CWE-345

Affected Products

Intel
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-27680Shared CWE-345
CVE-2026-24775Shared CWE-345
CVE-2025-63910Shared CWE-345
CVE-2026-24772Shared CWE-345
CVE-2026-25921Shared CWE-345
CVE-2026-43534Shared CWE-345
CVE-2025-52638Shared CWE-345
CVE-2026-23966Shared CWE-345
CVE-2025-24903Shared CWE-345
CVE-2025-1108Shared CWE-345

References