Login Sign Up

CVE-2021-33058

7.8 HIGH

📋 TL;DR

This vulnerability allows an unauthenticated attacker with local access to a Windows system to exploit improper access control in Intel Network Adapter Administrative Tools installer, potentially enabling privilege escalation. It affects users running Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows versions before 1.4.0.21.

💻 Affected Systems

Products:
  • Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows
Versions: All versions before 1.4.0.21
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where Intel Network Adapter Administrative Tools are installed. Requires local access to the system.

📦 What is this software?

Administrative Tools For Intel Network Adapters by Intel

View all CVEs affecting Administrative Tools For Intel Network Adapters →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains SYSTEM-level privileges on the affected Windows machine, enabling complete system compromise, data theft, malware installation, and lateral movement within the network.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls, install persistent backdoors, or access sensitive system resources.

🟢

If Mitigated

Limited impact if proper access controls, least privilege principles, and network segmentation are implemented, though local privilege escalation remains possible.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Local attackers or malware with user-level access can exploit this to gain elevated privileges on affected Windows systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires local access but no authentication. The vulnerability is in the installer's access control mechanisms.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.0.21 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html

Restart Required: Yes

Instructions:

1. Download Intel(R) Administrative Tools for Intel(R) Network Adapters version 1.4.0.21 or later from Intel's website. 2. Run the installer with administrative privileges. 3. Follow the installation wizard. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Remove vulnerable software

windows

Uninstall Intel Network Adapter Administrative Tools if not required

Control Panel > Programs > Uninstall a program > Select 'Intel(R) Administrative Tools for Intel(R) Network Adapters' > Uninstall

Restrict local access

windows

Implement strict access controls to limit who can log in locally to affected systems

🧯 If You Can't Patch

  • Remove the Intel Network Adapter Administrative Tools software if not essential for operations
  • Implement strict least privilege principles and monitor for suspicious local privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Intel Network Adapter Administrative Tools via Control Panel > Programs > Programs and Features

Check Version:

wmic product where "name like 'Intel%Administrative Tools%'" get version

Verify Fix Applied:

Verify that Intel Network Adapter Administrative Tools version is 1.4.0.21 or higher

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing unexpected installer activity, privilege escalation attempts, or unauthorized process execution with elevated privileges

Network Indicators:

  • Unusual outbound connections from systems with Intel network adapter tools after local access events

SIEM Query:

EventID=4688 AND ProcessName LIKE '%Intel%Administrative%Tools%' AND NewProcessName LIKE '%cmd%' OR '%powershell%'

📊 Metadata

CVE ID: CVE-2021-33058
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: November 17, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON