Intel PSET Application Install wrapper contains an escalation of privilege vulnerability.

Intel ID:  INTEL-SA-00070
Product family:  Various Intel Products (see list of affected products)
Impact of vulnerability Elevation of Privilege
Severity rating Moderate
Original release:  Feb 28, 2017
Last revised:  Feb 28, 2017
Summary: 

Intel PSET Application Install wrapper contains an escalation of privilege vulnerability.

Description: 

Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 which allows an attacker to launch a process with escalated privileges.

CVSS v3 Base Score: 6.3 Medium

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Affected products: 

Product

Affected Versions

Intel Parallel Studio XE

Before 2017 Update 2

Intel System Studio, Intel VTune Amplifier

Before 2017 Update 2

Intel Inspector

Before 2017 Update 2

Intel Advisor

Before 2017 Update 2

Intel MPI Library

Before 2017 Update 2

Intel Trace Analyzer and Collector

Before 2017 Update 2

Intel Integrated Performance Primitives

Before 2017 Update 2

Cryptography for Intel Integrated Performance Primitives

Before 2017 Update 2

Intel Math Kernel Library

Before 2017 Update 2

Intel Data Analytics Acceleration Library

Before 2017 Update 2

Intel Threading Building Blocks

Before 2017 Update 2

Intel System Studio for Microcontrollers 2016

Before 2017 Update 2

Intel SDK for OpenCL™ Applications 2016 R3

Before 2017 Update 2

Recommendations: 

Intel recommends that users of the listed products update to 2017 Update 2.  If the software is registered users will receive update notifications via their registered email addresses.  If the software is not registered please the Intel Developer Zone support page (https://software.intel.com/en-us/support) and select the appropriate product.

Revision history: 

Revision
Date
Description
1.0
28-February-2017
Initial Release
1.1
09-May-2017
Update Language
 1.2
10-July-2017
Update product list

CVE Name:  CVE-2017-5682

Disclaimer:

INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH INTEL® PRODUCTS. YOUR USE OF THE INFORMATION IN THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. INTEL RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.



Reporting a security issue

If you have information about a security issue or vulnerability with an Intel product, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

  • A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

  • Vulnerability handling guidelines

  • Need product support?
    The secure@intel.com e-mail address should only be used for reporting security issues.

    If you...
  • Have questions about the security features of an Intel product
  • Require technical support
  • Want product updates or patches

  • Please visit Support & Downloads.