CVE-2017-5682 Intel CVE debrief

Who should care

Organizations and developers using affected Intel 2017 products, especially Intel Parallel Studio XE, System Studio, VTune Amplifier, Inspector, Advisor, MPI Library, Trace Analyzer and Collector, IPP, Cryptography for IPP, MKL, DAAL, and TBB. Security teams should also care where these tools are installed on shared or developer workstations.

Technical summary

NVD classifies the issue with CVSS 3.0 vector CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, which points to a local attack requiring low privileges and user interaction. The affected component is the Intel PSET Application Install wrapper, and Intel’s advisory and NVD list multiple 2017 product families as vulnerable before 2017 Update 2.

Defensive priority

High. The issue can enable local privilege escalation across a wide set of Intel developer and performance tooling, so remediation should be prioritized on systems where those products are installed.

Recommended defensive actions

• Upgrade affected Intel products to 2017 Update 2 or later, or remove vulnerable versions where they are no longer needed.
• Inventory endpoints and developer systems for the listed Intel 2017 products referenced in the NVD CPE entries.
• Restrict local interactive access on systems running affected software, especially shared workstations and build hosts.
• Monitor for unexpected elevated process launches associated with Intel installation or wrapper components.
• Validate remediation against Intel’s advisory INTEL-SA-00070 and the NVD record for CVE-2017-5682.

Evidence notes

This debrief is based on the CVE record, NVD metadata, and the Intel advisory reference listed in the source corpus. The corpus states that Intel PSET Application Install wrapper in multiple Intel products before 2017 Update 2 allows an attacker to launch a process with escalated privileges. The NVD vector shows local, low-privilege, user-interaction requirements. No exploit details were provided in the source corpus.

Official resources