CVE-2021-33118
📋 TL;DR
This vulnerability allows authenticated users on affected Intel NUC 11 Gen systems to escalate privileges via the Intel Serial IO driver installer. Attackers with local access can exploit improper access controls to gain higher system privileges. Only systems running vulnerable versions of the Intel Serial IO driver are affected.
💻 Affected Systems
- Intel Serial IO driver for Intel NUC 11 Gen
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains SYSTEM/root privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement.
Likely Case
Local authenticated users (including low-privilege accounts) escalate to administrative privileges, allowing software installation, configuration changes, and access to protected resources.
If Mitigated
With proper access controls and least privilege principles, impact is limited to authorized administrative actions within the user's intended scope.
🎯 Exploit Status
Exploitation requires local authenticated access. The vulnerability is in the installer's access control mechanism.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 30.100.2104.1 or later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00560.html
Restart Required: Yes
Instructions:
1. Download Intel Serial IO driver version 30.100.2104.1 or later from Intel's website.
2. Run the installer with administrative privileges.
3. Follow on-screen instructions.
4. Restart the system when prompted.
🔧 Temporary Workarounds
Restrict local access
All platforms: Limit local user access to affected systems to only trusted administrative users
Remove vulnerable driver
Windows: Uninstall the vulnerable Intel Serial IO driver if not required
Control Panel > Programs > Uninstall a program > Select 'Intel Serial IO' > Uninstall
🧯 If You Can't Patch
- Implement strict least privilege principles - ensure no users have unnecessary local access
- Monitor for privilege escalation attempts using security tools and audit logs
🔍 How to Verify
Check if Vulnerable:
Check driver version in Device Manager: Right-click Start > Device Manager > System devices > Intel Serial IO > Properties > Driver tab
Check Version:
wmic path Win32_PnPSignedDriver where "DeviceName like '%Intel%Serial IO%'" get DeviceName, DriverVersion
Verify Fix Applied:
Verify driver version is 30.100.2104.1 or higher in Device Manager
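The version check above as a script, for running across several hosts. This is an added example, not Intel's tooling or code from the advisory; the function name `Get-SerialIoDriverStatus` and the wildcard name filter are assumptions, and the fixed version is the one stated on this page.

```powershell
# Added example: report Intel Serial IO driver versions and compare them
# with the fixed version named on this page (30.100.2104.1).
$FixedVersion = [version]'30.100.2104.1'

function Get-SerialIoDriverStatus {
    param(
        # Assumption: wildcard tolerates names such as "Intel(R) Serial IO ...".
        [string]$NameFilter = '%Intel%Serial IO%'
    )
    $drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver `
        -Filter "DeviceName LIKE '$NameFilter'"
    foreach ($d in $drivers) {
        $parsed = $null
        # Compare as [version], not as text: "30.99.x" sorts above "30.100.x" as a string.
        if (-not [version]::TryParse($d.DriverVersion, [ref]$parsed)) {
            $status = 'Unknown'       # version string could not be parsed
        } elseif ($parsed -lt $FixedVersion) {
            $status = 'Vulnerable'    # older than the patched release
        } else {
            $status = 'Patched'
        }
        [pscustomobject]@{
            ComputerName  = $env:COMPUTERNAME
            DeviceName    = $d.DeviceName
            DriverVersion = $d.DriverVersion
            FixedVersion  = $FixedVersion.ToString()
            Status        = $status
        }
    }
}

$results = @(Get-SerialIoDriverStatus)
if ($results.Count -eq 0) {
    Write-Output 'No Intel Serial IO driver found on this system.'
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit code lets a management tool flag the host.
    if ($results.Status -contains 'Vulnerable') { exit 1 }
}
```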
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events
- Installation of Intel Serial IO driver by non-admin users
- Security log Event ID 4672 (special privileges assigned)
Network Indicators:
- None - this is a local privilege escalation
SIEM Query:
(EventID=4672 AND ProcessName="*Intel*Serial*IO*") OR (EventID=4688 AND NewProcessName="*Intel*Serial*IO*")