CVE Published: 12/11/2024 |
CVE Updated: 13/11/2024 |
CVE Year: 2024 Source: hp |
Vendor: Sound Research |
Product: SECOMN64 Driver Status : PUBLISHED
CVE-2024-2207 Description
Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities.
Metrics
CVSS Version: 3.1 |
Base Score: 6 MEDIUM Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* HIGH Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* LOW Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE-427 CWE Name: CWE-427 Uncontrolled Search Path Element Source: Sound Research
Common Attack Pattern Enumeration and Classification (CAPEC)