Details of VAR-202111-1205

ID

VAR-202111-1205

CVE

CVE-2021-33062

TITLE

Intel(R) VTune(TM) Profiler Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015260

DESCRIPTION

Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) VTune(TM) Profiler There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel VTune Profiler is a performance testing tool used by Intel Corporation to optimize software. The software can perform performance tests on embedded applications of the Internet of Things, media software, Java applications, and high-performance computing applications. Intel VTune Profiler has a security vulnerability that allows local users to upgrade privileges on the system

Trust: 2.25

sources: NVD: CVE-2021-33062 // JVNDB: JVNDB-2021-015260 // CNNVD: CNNVD-202111-960 // VULHUB: VHN-393076

AFFECTED PRODUCTS

vendor:	intel	model:	vtune profiler	scope:	lt	version:	2021.3.0	Trust: 1.0
vendor:	インテル	model:	intel vtune profiler	scope:	eq	version:	2021.3.0	Trust: 0.8
vendor:	インテル	model:	intel vtune profiler	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015260 // NVD: CVE-2021-33062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33062
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33062
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202111-960
value:	HIGH
Trust: 0.6
VULHUB:	VHN-393076
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33062
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393076
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33062
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33062
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393076 // JVNDB: JVNDB-2021-015260 // CNNVD: CNNVD-202111-960 // NVD: CVE-2021-33062

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393076 // JVNDB: JVNDB-2021-015260 // NVD: CVE-2021-33062

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-960

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-960

PATCH

title:	INTEL-SA-00556	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00556.html	Trust: 0.8
title:	Intel VTune Profiler Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170932	Trust: 0.6

sources: JVNDB: JVNDB-2021-015260 // CNNVD: CNNVD-202111-960

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33062	Trust: 3.3
db:	JVN	id:	JVNVU91196719	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-015260	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3742	Trust: 0.6
db:	CS-HELP	id:	SB2021111012	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-960	Trust: 0.6
db:	VULHUB	id:	VHN-393076	Trust: 0.1

sources: VULHUB: VHN-393076 // JVNDB: JVNDB-2021-015260 // CNNVD: CNNVD-202111-960 // NVD: CVE-2021-33062

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00556.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33062	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91196719/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3742	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021111012	Trust: 0.6

sources: VULHUB: VHN-393076 // JVNDB: JVNDB-2021-015260 // CNNVD: CNNVD-202111-960 // NVD: CVE-2021-33062

SOURCES

db:	VULHUB	id:	VHN-393076
db:	JVNDB	id:	JVNDB-2021-015260
db:	CNNVD	id:	CNNVD-202111-960
db:	NVD	id:	CVE-2021-33062

LAST UPDATE DATE

2024-08-14T12:25:32.382000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393076	date:	2021-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-015260	date:	2022-11-15T01:37:00
db:	CNNVD	id:	CNNVD-202111-960	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-33062	date:	2021-11-22T18:09:53.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393076	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-015260	date:	2022-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202111-960	date:	2021-11-10T00:00:00
db:	NVD	id:	CVE-2021-33062	date:	2021-11-17T20:15:09.883