{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-34167", "ASSIGNER": "secure@intel.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" }, { "lang": "eng", "value": "Uncontrolled search path", "cweId": "CWE-427" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "n/a", "product": { "product_data": [ { "product_name": "Intel(R) Server Board S2600ST Family BIOS and Firmware Update software", "version": { "version_data": [ { "version_affected": "=", "version_value": "all versions" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01183.html", "refsource": "MISC", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01183.html" } ] }, "impact": { "cvss": [ { "version": "3.1", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" } ] } }