CVE-2024-36877
Severity Score
8.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3.
Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Motherboard's with the following chipsets are affected: Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600 and AMD 700.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-30 CVE Reserved
- 2024-08-09 First Exploit
- 2024-08-12 CVE Published
- 2025-03-13 CVE Updated
- 2025-05-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-123: Write-what-where Condition
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://csr.msi.com/global/product-security-advisories | ||
| https://jjensn.com/at-home-in-your-firmware |
| URL | Date | SRC |
|---|---|---|
| https://github.com/jjensn/CVE-2024-36877 | 2024-08-09 | |
| https://github.com/CERTologists/POC-CVE-2024-36877 | 2024-08-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Msi Search vendor "Msi" | Am4 Search vendor "Msi" for product "Am4" | * | - |
Affected
| ||||||
| Msi Search vendor "Msi" | Am5 Search vendor "Msi" for product "Am5" | * | - |
Affected
| ||||||
| Msi Search vendor "Msi" | Intel 300 Search vendor "Msi" for product "Intel 300" | * | - |
Affected
| ||||||
| Msi Search vendor "Msi" | Intel 400 Search vendor "Msi" for product "Intel 400" | * | - |
Affected
| ||||||
| Msi Search vendor "Msi" | Intel 500 Search vendor "Msi" for product "Intel 500" | * | - |
Affected
| ||||||
| Msi Search vendor "Msi" | Intel 600 Search vendor "Msi" for product "Intel 600" | * | - |
Affected
| ||||||
| Msi Search vendor "Msi" | Intel 700 Search vendor "Msi" for product "Intel 700" | * | - |
Affected
| ||||||