Products
UNKNOWN
Source
secure@intel.com
Tags
CVE-2024-21787 details
Published : Aug. 14, 2024, 2:15 p.m.
Last Modified : Aug. 14, 2024, 5:49 p.m.
Last Modified : Aug. 14, 2024, 5:49 p.m.
Description
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6.4 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-326 | Inadequate Encryption Strength | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.4
Exploitability Score
0.5
Impact Score
5.9
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00790.html | secure@intel.com |
This website uses the NVD API, but is not approved or certified by it.