CVERadar

CVE-2024-0762

Medium Severity
SVRS: 36/100
CVSSv3: 7.5/10
EPSS: 0.00098/1

CVE-2024-0762 is a potential buffer overflow vulnerability in Phoenix SecureCore™ UEFI firmware affecting select Intel platforms. This flaw arises from unsafe handling of UEFI variables, potentially allowing attackers to execute arbitrary code. The vulnerability impacts various Intel platforms, including Kaby Lake, Coffee Lake, Ice Lake, Comet Lake, Tiger Lake, Jasper Lake, Alder Lake, Raptor Lake and Meteor Lake. While the CVSS score is 7.5 (High), SOCRadar's Vulnerability Risk Score (SVRS) is 36, indicating a moderate level of concern based on threat actor activity and exploit availability. Although not critical based on the SVRS threshold of 80, organizations using affected Phoenix SecureCore™ versions on their Intel platforms should apply the recommended firmware updates to mitigate the risk. Failure to patch can lead to system instability or, potentially, remote code execution, making timely updates crucial.

In The Wild
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
2024-05-14

2025-03-20
SOCRadar AI Insight

Description

CVE-2024-0762 is a potential buffer overflow vulnerability in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. This vulnerability could allow an attacker to execute arbitrary code with system privileges.

Key Insights

  • The SVRS of 44 indicates a moderate risk, but the vulnerability is actively exploited in the wild, making it a critical threat.
  • The vulnerability affects multiple versions of Phoenix SecureCore™ for various Intel platforms, including Kaby Lake, Coffee Lake, Ice Lake, Comet Lake, Tiger Lake, Jasper Lake, Alder Lake, Raptor Lake, and Meteor Lake.
  • The vulnerability could allow attackers to gain complete control of affected systems, including installing malware, stealing sensitive data, or disrupting operations.

Mitigation Strategies

  • Update to the latest version of Phoenix SecureCore™ for the affected platform.
  • Implement strong security measures, such as firewalls, intrusion detection systems, and anti-malware software.
  • Regularly monitor systems for suspicious activity and apply security patches promptly.
  • Restrict access to sensitive data and systems to authorized personnel only.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • Active exploits have been published, making it essential to take immediate action to mitigate the risk.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

The Top Firmware and Hardware Attack Vectors
Ariella Robison, 2025-04-17
The Top Firmware and Hardware Attack Vectors | Updated for 2025 with information on the most common threats to enterprise device firmware today. Watch our recent on-demand webinar: Top Firmware Attack Vectors: Supply Chain Security’s Missing Link” with Paul Asadoorian and John Loucaides. As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and […] The post The Top Firmware and Hardware Attack Vectors appeared first on
eclypsium.com
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: SideWinder phishing campaign targets maritime facilities in multiple countries The APT group SideWinder launched a new espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. In the 2022 […] A crafty phishing campaign targets Microsoft OneDrive users Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the
google.com
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | URL: https://securityaffairs.com/must-read. Publication date: 2023-08-27 16:37:21 News Content: A crafty phishing campaign targets Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. Threat actors rely on social engineering tactics to trick users into executing a PowerShell script, which leads to […] | Description: A crafty phishing campaign targets Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a
google.com
Must Read - Security Affairs
2023-08-27
Must Read - Security Affairs | News Content: Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085 Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. “Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full […] Acronis Cyber Infrastructure bug actively exploited in the wild Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that
google.com
Daily Summary - 20.06.2024
CERT.at, 2024-06-20
Daily Summary - 20.06.2024 | End-of-Day report Timeframe: Wednesday 19-06-2024 18:00 - Thursday 20-06-2024 18:00 Handler: Thomas Pribitzer Co-Handler: Michael Schlagenhaufer News SolarWinds Serv-U path-traversal flaw actively exploited in attacks Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. [..] The vulnerability, CVE-2024-28995, is a high-severity directory traversal flaw, allowing unauthenticated attackers to read arbitrary files from the filesystem by crafting specific
cve-2024-0762
cve-2024-28995
Researchers Uncover UEFI Vulnerability Affecting Intel CPUs
Wajahat Raja, 2024-07-03
Researchers Uncover UEFI Vulnerability Affecting Intel CPUs | Cybersecurity researchers have recently uncovered a UEFI vulnerability in the Phoenix SecureCore UEFI firmware, which affects a variety of Intel Core desktop and mobile processors. This now-patched vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, has been termed “UEFIcanhazbufferoverflow.” It involves a buffer overflow caused by an unsafe variable in the Trusted Platform […] The post Researchers Uncover UEFI Vulnerability Affecting Intel CPUs appeared first on
cve-2024-0762
Security Affairs: UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models
Chris Garland, 2024-06-21
Security Affairs: UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models | A serious vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models. The post Security Affairs: UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
cve-2024-0762

Social Media

UEFI CVE-2024-0762 Vulnerability Affecting Several Intel CPUs Uncovered by Researchers - Such a #vulnerability could affect YOUR PC! https://t.co/ToHfiloh0j #malware #MalwareAttack #infosec #cybersec #cybersecurity #cybercrime #cyberattack #hackers #intel #intelpc #CPUs
CVE-2024-0762 Does UEFI-CAN.HAZ.BUFFER.OVERFLOW mean there will be new nifty tools for bypassing Intel / Phoenix bios passwd? Maybe good idea to buy certain locked laptops from ebay before the prices go up.
A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary code within the firmware during runtime. https://t.co/wdOUXmoq3T
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) https://t.co/xZ7tFrY5G9
The vulnerability is tracked as CVE-2024-0762, and when exploited, allows an attacker to run code on affected devices
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) https://t.co/OCe1T2Hl2l
Serious vulnerability (CVE-2024-0762) in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models using Intel Core processors. Exploitation could lead to malicious code execution. Lenovo and Phoenix Technologies confirmed the… https://t.co/LUBKMgUd1b
CVE-2024-0762: the new vulnerability affecting Intel processors https://t.co/JfRiFmT7CM https://t.co/FFvxiEkFFA
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) https://t.co/VTshZdMxZH
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) https://t.co/ybQ2I5xb0d

Affected Software

No affected software found for this CVE

References

Reference    Link
22D9BA52-F336-4B0D-BF1F-0EFBDCC3C1DE    https://www.phoenix.com/security-notifications/cve-2024-0762/
22D9BA52-F336-4B0D-BF1F-0EFBDCC3C1DE    https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
22D9BA52-F336-4B0D-BF1F-0EFBDCC3C1DE    https://news.ycombinator.com/item?id=40747852
AF854A3A-2127-422B-91AE-364DA2661108    https://www.phoenix.com/security-notifications/cve-2024-0762/
AF854A3A-2127-422B-91AE-364DA2661108    https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
AF854A3A-2127-422B-91AE-364DA2661108    https://news.ycombinator.com/item?id=40747852

CWE Details

CWE ID: CWE-120
CWE Name: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
