Sign-up

ID

VAR-202211-0593


CVE

CVE-2021-33064


TITLE

Intel's  Intel System Studio  Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2021-020534

DESCRIPTION

Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel System Studio Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel System Studio is a multi-functional, cross-platform tool suite from Intel Corporation. Designed to simplify system startup and improve system and IoT device application performance on Intel platforms

Trust: 2.25

sources: NVD: CVE-2021-33064 // JVNDB: JVNDB-2021-020534 // CNNVD: CNNVD-202211-2646 // VULHUB: VHN-393078

AFFECTED PRODUCTS

vendor:intelmodel:system studioscope:eqversion:*

Trust: 1.0

vendor:インテルmodel:intel system studioscope:eqversion: -

Trust: 0.8

vendor:インテルmodel:intel system studioscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-020534 // NVD: CVE-2021-33064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33064
value: HIGH

Trust: 1.0

secure@intel.com: CVE-2021-33064
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-33064
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202211-2646
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-33064
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2021-33064
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-33064
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-020534 // CNNVD: CNNVD-202211-2646 // NVD: CVE-2021-33064 // NVD: CVE-2021-33064

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.1

problemtype:Uncontrolled search path elements (CWE-427) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-393078 // JVNDB: JVNDB-2021-020534 // NVD: CVE-2021-33064

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2646

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202211-2646

PATCH

title:Intel System Studio Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=214405

Trust: 0.6

sources: CNNVD: CNNVD-202211-2646

EXTERNAL IDS

db:NVDid:CVE-2021-33064

Trust: 3.3

db:JVNid:JVNVU94499505

Trust: 0.8

db:JVNDBid:JVNDB-2021-020534

Trust: 0.8

db:AUSCERTid:ESB-2022.5828

Trust: 0.6

db:CNNVDid:CNNVD-202211-2646

Trust: 0.6

db:VULHUBid:VHN-393078

Trust: 0.1

sources: VULHUB: VHN-393078 // JVNDB: JVNDB-2021-020534 // CNNVD: CNNVD-202211-2646 // NVD: CVE-2021-33064

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00558.html

Trust: 2.5

url:https://jvn.jp/vu/jvnvu94499505/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-33064

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.5828

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-33064/

Trust: 0.6

sources: VULHUB: VHN-393078 // JVNDB: JVNDB-2021-020534 // CNNVD: CNNVD-202211-2646 // NVD: CVE-2021-33064

SOURCES

db:VULHUBid:VHN-393078
db:JVNDBid:JVNDB-2021-020534
db:CNNVDid:CNNVD-202211-2646
db:NVDid:CVE-2021-33064

LAST UPDATE DATE

2024-08-14T13:10:03.585000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-393078date:2022-11-16T00:00:00
db:JVNDBid:JVNDB-2021-020534date:2023-11-07T08:19:00
db:CNNVDid:CNNVD-202211-2646date:2022-11-17T00:00:00
db:NVDid:CVE-2021-33064date:2022-11-16T02:33:32.587

SOURCES RELEASE DATE

db:VULHUBid:VHN-393078date:2022-11-11T00:00:00
db:JVNDBid:JVNDB-2021-020534date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202211-2646date:2022-11-11T00:00:00
db:NVDid:CVE-2021-33064date:2022-11-11T16:15:11.337