CVE-2020-12304

7.8 HIGH

📋 TL;DR

This vulnerability in Intel DAL SDK Installer for Windows allows authenticated local users to escalate privileges through improper access control. It affects systems running Intel DAL SDK versions before 2.1 on Windows. Attackers could gain higher system privileges than intended.

💻 Affected Systems

Products:
  • Intel(R) DAL SDK Installer
Versions: All versions before 2.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations of Intel DAL SDK. Requires authenticated user access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local authenticated attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, persistence installation, or lateral movement.

🟠 Likely Case

Malicious insider or compromised user account escalates to administrator privileges to install malware, steal sensitive data, or bypass security controls.

🟢 If Mitigated

With proper privilege separation and least-privilege principles in place, impact is limited to the user's own account scope, with no privilege escalation.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: HIGH - Local authenticated access is common in enterprise environments, enabling insider threats or post-compromise privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local authenticated access. The vulnerability is in the installer's access control mechanisms.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.1 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Restart Required: Yes

Instructions:

1. Download Intel DAL SDK version 2.1 or later from Intel's official website.
2. Uninstall previous versions.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict Installer Access

windows

Limit access to Intel DAL SDK installer files and directories to authorized administrators only.

icacls "C:\Program Files\Intel\DAL SDK" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /remove:g "Users"
icacls "C:\Program Files (x86)\Intel\DAL SDK" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /remove:g "Users"

Remove Unnecessary Installations

windows

Uninstall Intel DAL SDK if not required for business operations.

appwiz.cpl
Find 'Intel DAL SDK' in programs list and select Uninstall

🧯 If You Can't Patch

  • Implement strict least privilege principles - ensure users don't have local admin rights unnecessarily
  • Monitor for privilege escalation attempts using Windows Event Logs and security tools

🔍 How to Verify

Check if Vulnerable:

Check installed Intel DAL SDK version via Programs and Features or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\DAL SDK

Check Version:

reg query "HKLM\SOFTWARE\Intel\DAL SDK" /v Version

Verify Fix Applied:

Confirm Intel DAL SDK version is 2.1 or higher in Programs and Features or registry.
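
The version check and the "Restrict Installer Access" workaround can be audited in one pass. The PowerShell below is an added example, not code from Intel or from the original page. It takes the registry key, the Version value and the install directories exactly as this page lists them (unconfirmed against Intel documentation), and the function names are hypothetical.

```powershell
# Added audit example. Registry key, value name and directories are the ones
# this page lists; they are not confirmed against Intel documentation.
$FixedVersion = [version]'2.1'
$RegKey = 'HKLM:\SOFTWARE\Intel\DAL SDK'
$Dirs = 'C:\Program Files\Intel\DAL SDK', 'C:\Program Files (x86)\Intel\DAL SDK'

# Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$TrustedSids = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Write-type bits only, so read/execute ACEs are not flagged, plus GENERIC_WRITE
# (0x40000000) and GENERIC_ALL (0x10000000) as they appear in raw ACEs.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

function Get-DalSdkVersionStatus {
    # Compare the recorded version with the fixed release (2.1).
    $raw = (Get-ItemProperty -Path $RegKey -Name Version -ErrorAction SilentlyContinue).Version
    if (-not $raw) { return 'NotFound' }
    $parsed = $null
    if (-not [version]::TryParse([string]$raw, [ref]$parsed)) { return "Unparsed:$raw" }
    if ($parsed -lt $FixedVersion) { return "Vulnerable:$parsed" }
    return "Fixed:$parsed"
}

function Get-DalSdkWeakAce {
    # List Allow ACEs on the install directories that give write-type access
    # to anyone outside the trusted principals above (top-level ACL only).
    foreach ($dir in $Dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
            try {
                $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { $sid = $ace.IdentityReference.Value }
            if ($TrustedSids -notcontains $sid) {
                [pscustomobject]@{ Path = $dir; Identity = $ace.IdentityReference.Value
                                   Sid = $sid; Rights = $ace.FileSystemRights }
            }
        }
    }
}

"Version check: $(Get-DalSdkVersionStatus)"
Get-DalSdkWeakAce | Format-Table -AutoSize
```

On a host where the icacls workaround above has been applied, Get-DalSdkWeakAce should return nothing; any row it prints is a principal other than SYSTEM, Administrators or TrustedInstaller with write-type access to the directory.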

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing privilege escalation attempts
  • Unexpected installer processes running with elevated privileges
  • Access to DAL SDK installer files by non-admin users

Network Indicators:

  • Not applicable - local privilege escalation

SIEM Query:

EventID=4688 AND (ProcessName LIKE '%dalsdk%' OR ProcessName LIKE '%intel%install%') AND SubjectUserName NOT IN ('SYSTEM', 'Administrator')
