Details of VAR-202202-1334

ID

VAR-202202-1334

CVE

CVE-2021-33129

TITLE

Intel(R) Advisor Improper default permissions vulnerability in software installer for

Trust: 0.8

sources: JVNDB: JVNDB-2022-005213

DESCRIPTION

Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state. Intel Advisor is a design and analysis tool developed by Intel Corporation for developing high-performance code

Trust: 1.71

sources: NVD: CVE-2021-33129 // JVNDB: JVNDB-2022-005213 // VULHUB: VHN-393143

AFFECTED PRODUCTS

vendor:	intel	model:	advisor	scope:	lt	version:	2021.4.0	Trust: 1.0
vendor:	インテル	model:	intel advisor	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel advisor	scope:	eq	version:	2021.4.0	Trust: 0.8

sources: JVNDB: JVNDB-2022-005213 // NVD: CVE-2021-33129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33129
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33129
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202202-752
value:	HIGH
Trust: 0.6
VULHUB:	VHN-393143
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33129
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393143
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33129
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33129
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393143 // JVNDB: JVNDB-2022-005213 // CNNVD: CNNVD-202202-752 // NVD: CVE-2021-33129

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393143 // JVNDB: JVNDB-2022-005213 // NVD: CVE-2021-33129

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-752

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-752

PATCH

title:	INTEL-SA-00594	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00594.html	Trust: 0.8
title:	Intel Advisor Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182188	Trust: 0.6

sources: JVNDB: JVNDB-2022-005213 // CNNVD: CNNVD-202202-752

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33129	Trust: 3.3
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005213	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-752	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0539	Trust: 0.6
db:	CS-HELP	id:	SB2022020919	Trust: 0.6
db:	VULHUB	id:	VHN-393143	Trust: 0.1

sources: VULHUB: VHN-393143 // JVNDB: JVNDB-2022-005213 // CNNVD: CNNVD-202202-752 // NVD: CVE-2021-33129

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00594.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33129	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020919	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0539	Trust: 0.6

sources: VULHUB: VHN-393143 // JVNDB: JVNDB-2022-005213 // CNNVD: CNNVD-202202-752 // NVD: CVE-2021-33129

SOURCES

db:	VULHUB	id:	VHN-393143
db:	JVNDB	id:	JVNDB-2022-005213
db:	CNNVD	id:	CNNVD-202202-752
db:	NVD	id:	CVE-2021-33129

LAST UPDATE DATE

2024-08-14T13:00:22.767000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393143	date:	2022-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-005213	date:	2023-05-24T02:50:00
db:	CNNVD	id:	CNNVD-202202-752	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-33129	date:	2022-02-15T17:36:57.463

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393143	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005213	date:	2023-05-24T00:00:00
db:	CNNVD	id:	CNNVD-202202-752	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2021-33129	date:	2022-02-09T23:15:15.663