PT-2024-8766 · Intel · Intel Neural Compressor

Published

2024-11-12

Updated

2024-11-15

CVE-2024-28028

CVSS v4.0

7.7

High

Vector

AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Intel Neural Compressor versions prior to v3.0

Description: The issue is related to improper input validation in the Intel Neural Compressor software, which may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. This is due to errors in processing input data.

Recommendations: For versions prior to v3.0, update to version v3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Intel Neural Compressor software to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2024-10381

CVE-2024-28028

Affected Products

Intel Neural Compressor

PT-2024-8766 · Intel · Intel Neural Compressor

CVE-2024-28028

Weakness Enumeration

Related Identifiers

Affected Products

References · 5