Sign-up

ID

VAR-201702-0834


CVE

CVE-2017-5682


TITLE

plural Intel Product Intel PSET Application Install Vulnerability in Wrapper that could launch processes with elevated privileges

Trust: 0.8

sources: JVNDB: JVNDB-2017-002288

DESCRIPTION

Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges. plural Intel Product Intel PSET Application Install The wrapper contains a vulnerability that allows processes to be launched with elevated privileges.An attacker could launch a process with elevated privileges. Multiple Intel products are prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Intel Parallel Studio X, etc. Intel Parallel Studio X is a set of software for improving application performance and big data analysis; Intel Inspector is a set of tools for dynamic testing of memory access errors and thread access errors in applications

Trust: 1.98

sources: NVD: CVE-2017-5682 // JVNDB: JVNDB-2017-002288 // BID: 96482 // VULHUB: VHN-113885

AFFECTED PRODUCTS

vendor:intelmodel:advisorscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:system studioscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:vtune amplifierscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:mpi libraryscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:inspectorscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:cryptography for intel integrated performance primitivesscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:trace analyzer and collectorscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:threading building blocksscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:parallel studio xescope:eqversion:2017

Trust: 1.6

vendor:intelmodel:integrated performance primitivesscope:eqversion:2017

Trust: 1.6

vendor:intelmodel:data analytics acceleration libraryscope:eqversion:2017

Trust: 1.0

vendor:intelmodel:math kernel libraryscope:eqversion:2017

Trust: 1.0

vendor:intelmodel:cryptography for intel integrated performance primitivesscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:advisorscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:data analytics acceleration libraryscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:inspectorscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:integrated performance primitivesscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:math kernel libraryscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:mpi libraryscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:parallel studio xescope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:system studioscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:threading building blocksscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:trace analyzer and collectorscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:vtune amplifierscope:ltversion:2017 update 2

Trust: 0.8

vendor:intelmodel:vtune amplifierscope:eqversion:0

Trust: 0.3

vendor:intelmodel:trace analyzer and collectorscope:eqversion:0

Trust: 0.3

vendor:intelmodel:threading building blocksscope:eqversion:0

Trust: 0.3

vendor:intelmodel:system studioscope:eqversion:0

Trust: 0.3

vendor:intelmodel:parallel studio xescope:eqversion:0

Trust: 0.3

vendor:intelmodel:mpi libraryscope:eqversion:0

Trust: 0.3

vendor:intelmodel:math kernel libraryscope:eqversion:0

Trust: 0.3

vendor:intelmodel:integrated performance primitivesscope:eqversion:0

Trust: 0.3

vendor:intelmodel:inspectorscope:eqversion:0

Trust: 0.3

vendor:intelmodel:data analytics acceleration libraryscope:eqversion:0

Trust: 0.3

vendor:intelmodel:cryptography for intel integrated performance primitivesscope:eqversion:0

Trust: 0.3

vendor:intelmodel:advisorscope:eqversion:0

Trust: 0.3

vendor:intelmodel:vtune amplifier updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:trace analyzer and collector updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:threading building blocks updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:system studio updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:parallel studio xe updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:mpi library updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:math kernel library updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:integrated performance primitives updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:inspector updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:data analytics acceleration library updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:cryptography for intel integrated performance primitives updatescope:neversion:20172

Trust: 0.3

vendor:intelmodel:advisor updatescope:neversion:20172

Trust: 0.3

sources: BID: 96482 // JVNDB: JVNDB-2017-002288 // CNNVD: CNNVD-201702-948 // NVD: CVE-2017-5682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5682
value: HIGH

Trust: 1.0

NVD: CVE-2017-5682
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201702-948
value: HIGH

Trust: 0.6

VULHUB: VHN-113885
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5682
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-113885
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5682
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-113885 // JVNDB: JVNDB-2017-002288 // CNNVD: CNNVD-201702-948 // NVD: CVE-2017-5682

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-113885 // JVNDB: JVNDB-2017-002288 // NVD: CVE-2017-5682

THREAT TYPE

local

Trust: 0.9

sources: BID: 96482 // CNNVD: CNNVD-201702-948

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201702-948

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002288

PATCH
title:INTEL-SA-00070url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languageid=en-fr
Trust: 0.8
title:Multiple Intel Product Privilege License and Access Control Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68054
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-002288 // 
            
            
            
            CNNVD: CNNVD-201702-948

EXTERNAL IDS
db:NVDid:CVE-2017-5682
Trust: 2.8
db:BIDid:96482
Trust: 2.0
db:JVNDBid:JVNDB-2017-002288
Trust: 0.8
db:CNNVDid:CNNVD-201702-948
Trust: 0.7
db:VULHUBid:VHN-113885
Trust: 0.1
sources:
            
            
            VULHUB: VHN-113885 // 
            
            
            
            BID: 96482 // 
            
            
            
            JVNDB: JVNDB-2017-002288 // 
            
            
            
            CNNVD: CNNVD-201702-948 // 
            
            
            
            NVD: CVE-2017-5682

REFERENCES
url:http://www.securityfocus.com/bid/96482
Trust: 1.7
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00070&languageid=en-fr
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5682
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5682
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00070&languageid=en-fr 
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00070&languageid=en-fr
Trust: 0.1
sources:
            
            
            VULHUB: VHN-113885 // 
            
            
            
            BID: 96482 // 
            
            
            
            JVNDB: JVNDB-2017-002288 // 
            
            
            
            CNNVD: CNNVD-201702-948 // 
            
            
            
            NVD: CVE-2017-5682

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 96482

SOURCES
db:VULHUBid:VHN-113885
db:BIDid:96482
db:JVNDBid:JVNDB-2017-002288
db:CNNVDid:CNNVD-201702-948
db:NVDid:CVE-2017-5682

LAST UPDATE DATE
2024-11-23T23:02:31.373000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-113885date:2019-10-03T00:00:00
db:BIDid:96482date:2017-03-07T00:14:00
db:JVNDBid:JVNDB-2017-002288date:2017-04-10T00:00:00
db:CNNVDid:CNNVD-201702-948date:2019-10-23T00:00:00
db:NVDid:CVE-2017-5682date:2024-11-21T03:28:12.833

SOURCES RELEASE DATE
db:VULHUBid:VHN-113885date:2017-02-28T00:00:00
db:BIDid:96482date:2017-02-28T00:00:00
db:JVNDBid:JVNDB-2017-002288date:2017-04-10T00:00:00
db:CNNVDid:CNNVD-201702-948date:2017-02-28T00:00:00
db:NVDid:CVE-2017-5682date:2017-02-28T19:59:00.160