CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-29979

Medium Severity
SVRS
34/100
CVSSv3
2.3/10
EPSS
0.00019/1

CVE-2024-29979 is a vulnerability in Phoenix SecureCore™ firmware affecting Intel Kaby Lake, Coffee Lake, Comet Lake, and Ice Lake platforms. The flaw involves an Improper Check for Unusual or Exceptional Conditions, enabling Input Data Manipulation. This vulnerability has a SOCRadar Vulnerability Risk Score (SVRS) of 34, indicating a moderate risk. While the CVSS score is low at 2.3, the SVRS provides additional context about the threat landscape. Specifically, versions prior to 4.0.1.1012 (Kaby Lake), 4.1.0.568 (Coffee Lake), 4.2.1.292 (Comet Lake), and 4.2.0.334 (Ice Lake) are affected. Organizations using these Intel platforms with outdated Phoenix SecureCore™ firmware should prioritize patching to mitigate the risk of potential exploits that could lead to system instability or unauthorized access.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:L
AC:L
PR:H
UI:N
S:U
C:N
I:N
A:L
PUBLICATION DATE2025-01-14
LAST MODIFIED2025-01-14
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-29979 is a vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Coffee Lake, Comet Lake, and Ice Lake processors. It allows for Input Data Manipulation due to an improper check for unusual or exceptional conditions. This vulnerability can be exploited to potentially gain unauthorized access or cause denial of service.

SVRS: This vulnerability has an SVRS score of 34, indicating a moderate risk level. While not considered critical, the potential for exploitation and the impact on affected systems warrant attention and appropriate mitigation measures.

Key Insights

  • Impact: The vulnerability can lead to Input Data Manipulation, potentially enabling attackers to execute arbitrary code, gain unauthorized access, or cause denial of service.
  • Affected Systems: This vulnerability affects Phoenix SecureCore™ for Intel Kaby Lake, Coffee Lake, Comet Lake, and Ice Lake processors running specific versions:
    • SecureCore™ for Intel Kaby Lake: before 4.0.1.1012
    • SecureCore™ for Intel Coffee Lake: before 4.1.0.568
    • SecureCore™ for Intel Comet Lake: before 4.2.1.292
    • SecureCore™ for Intel Ice Lake: before 4.2.0.334
  • Active Exploitation: There is currently no information indicating active exploitation of CVE-2024-29979 in the wild. However, the vulnerability could be exploited by malicious actors in the future.

Mitigation Strategies

  • Upgrade to Latest Versions: Update Phoenix SecureCore™ for Intel Kaby Lake, Coffee Lake, Comet Lake, and Ice Lake processors to the latest versions (4.0.1.1012, 4.1.0.568, 4.2.1.292, and 4.2.0.334 respectively) to patch the vulnerability.
  • Implement Security Best Practices: Strengthen security posture through best practices like using strong passwords, enabling multi-factor authentication, and implementing network segmentation.
  • Security Monitoring: Implement continuous security monitoring and threat detection solutions to promptly identify and respond to any potential malicious activities.
  • Vulnerability Management: Utilize a robust vulnerability management program to identify, prioritize, and patch vulnerabilities across the entire IT infrastructure.

Additional Information

For further information on this CVE, or to ask questions about specific concerns, please use the 'Ask to Analyst' feature on SOCRadar, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

No news found for this CVE

Social Media

CVE-2024-29979 Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix Secu… https://t.co/i2ke4M20XL
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
22D9BA52-F336-4B0D-BF1F-0EFBDCC3C1DEhttps://www.phoenix.com/phoenix-security-notifications/cve-2024-29979/

CWE Details

CWE IDCWE NameDescription
CWE-754Improper Check for Unusual or Exceptional ConditionsThe software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence