CVE-2017-5682

moderate-risk

Published 2017-02-28

Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.3/10 High

LOCAL / LOW complexity

Affected Products (12)

Advisor

Cryptography For Intel Integrated Performance Primitives

Data Analytics Acceleration Library

Integrated Performance Primitives

Mpi Library

System Studio

Vtune Amplifier

Inspector

Math Kernel Library

Parallel Studio Xe

Threading Building Blocks

Trace Analyzer And Collector

Affected Vendors

Intel

References (4)

Third Party Advisory http://www.securityfocus.com/bid/96482

Vendor Advisory https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languagei...

Third Party Advisory http://www.securityfocus.com/bid/96482

Vendor Advisory https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languagei...

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 0/34 · Minimal

Exposure 17/34 · Moderate