CVE-2024-21935
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-23
Last updated on: 2025-09-24
Assigner: Advanced Micro Devices Inc.
Description
Description
Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amd | satellite_management_controller | 3.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-241 | The product does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to improper input validation in the Satellite Management Controller (SMC). An attacker who already has privileges can manipulate Redfish® API commands to remove files from the local root directory, which may lead to data corruption.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with privileges to delete files from the local root directory, potentially causing data corruption. This could disrupt system operations or lead to loss of important data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70