CVERadar

CVE-2024-36877

Medium Severity

SVRS: 36/100
CVSSv3: NA/10
EPSS: 0.01543/1

CVE-2024-36877 is a critical write-what-where condition vulnerability found in Micro-Star International (MSI) motherboard firmware. This flaw affects a wide range of MSI Z-series and B-series motherboards utilizing Intel and AMD chipsets. The vulnerability resides within the SW handler for SMI 0xE3, potentially allowing attackers to overwrite arbitrary memory locations.

Given the SOCRadar Vulnerability Risk Score (SVRS) of 36, CVE-2024-36877 does not represent an immediate critical risk, but it should still be taken into account, especially because active exploits are available, which indicates that the vulnerability is being actively targeted "In The Wild". Successful exploitation could lead to system instability, data corruption, or even complete system compromise. This vulnerability is significant because it affects a broad range of consumer-grade motherboards, making it a potentially widespread threat.

In The Wild
Exploit Available
2024-08-12

2025-03-13

SOCRadar AI Insight

Description

CVE-2024-36877 is a write-what-where vulnerability in the SW handler for SMI 0xE3 in Micro-Star International Z-series and B-series motherboards. This vulnerability allows an attacker to write arbitrary data to arbitrary memory locations, potentially leading to code execution or system compromise. The SVRS for this vulnerability is 44, indicating a moderate level of severity.

Key Insights

  • Active Exploits: Active exploits have been published for this vulnerability, making it a high-priority target for attackers.
  • In the Wild: This vulnerability is actively exploited by hackers, making it essential to take immediate action to mitigate the risk.
  • Affected Systems: The vulnerability affects a wide range of Micro-Star International motherboards, including Z-series and B-series models with firmware versions 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H.
  • Exploitation: The vulnerability can be exploited by sending a specially crafted SMI request to the affected motherboard.

Mitigation Strategies

  • Update Firmware: Update the firmware on affected motherboards to the latest version (7D25v20 or later) as soon as possible.
  • Disable SMI: Disable SMI 0xE3 in the motherboard's BIOS settings to prevent attackers from exploiting the vulnerability.
  • Use a Firewall: Implement a firewall to block unauthorized access to the affected motherboards.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity that may indicate an exploitation attempt.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
CERTologists/POC-CVE-2024-36877 | https://github.com/CERTologists/POC-CVE-2024-36877 | 2024-08-17
jjensn/CVE-2024-36877 | https://github.com/jjensn/CVE-2024-36877 | 2024-08-09

News

No news found for this CVE

Social Media

At Home In Your Firmware: Analysis of CVE-2024-36877 https://t.co/XamjMv4pUQ
🚨 Firmware alert! CVE-2024-36877 lets hackers turn your MSI motherboard into their playground. SMM memory corruption = full control, undetectable persistence. Your BIOS is now a hacker's dream home. 🏠💻 #CyberSecurity #TechNews https://t.co/z4EOTVHKjm
MSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877 https://t.co/kPwiCFzgGj
CVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC Published - https://t.co/uDCuHGHL10
Exploit POC for CVE-2024-36877 https://t.co/lLd9rztPSD #Pentesting #Exploit #CVE #CyberSecurity #Infosec https://t.co/WuPN8mfJaN

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://csr.msi.com/global/product-security-advisories
[email protected] | https://jjensn.com/at-home-in-your-firmware/
GITHUB | https://jjensn.com/at-home-in-your-firmware/

CWE Details

CWE ID | CWE Name | Description
CWE-123 | Write-what-where Condition | Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
