AVID-2026-R1426
Description
Vulnerability CVE-2024-22476
Details
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
Reason for inclusion in AVID: CVE-2024-22476 describes improper input validation in Intel Neural Compressor software, enabling unauthenticated remote privilege escalation. Neural Compressor is a software component commonly used in AI model optimization pipelines, i.e., part of the software stack for building/deploying AI systems. This is a software supply-chain/installation-time vulnerability with clear security impact (privilege escalation via network). Therefore it is AI-related, affects a GPAI tech stack, is a security vulnerability, and has sufficient evidence in the report.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | Intel(R) Neural Compressor software |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Base Score | 10.0 |
| Base Severity | 🔴 Critical |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-20 | Improper input validation |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-05-16
- Version: 0.3.3