CVE-2024-21828 MEDIUM

CVE-2024-21828

Vendor N/A
Product Intel(R) Ethernet Controller Administrative Tools software
Weakness CWE-284
Published May 16, 2024
Last update October 25, 2024
View on NVD All CVEs

CVSS base score

6.7/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Key dates

02Disclosure timeline

May 16, 2024 CVE published
October 25, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-2861 Qemu: 9pfs: improper access control on special files CVE-2025-14977 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy <= 4.2.4 - Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure CVE-2026-1895 WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control CVE-2025-5428 juzaweb CMS Error Logs Page log-viewer access control CVE-2023-27391