CVE-2021-33129
📋 TL;DR
This vulnerability in Intel Advisor installer versions before 2021.4.0 sets incorrect default file permissions during installation, allowing authenticated local users to modify files and potentially escalate privileges. Only systems with Intel Advisor installed are affected, requiring local access to exploit.
💻 Affected Systems
- Intel Advisor
📦 What is this software?
Advisor by Intel
⚠️ Risk & Real-World Impact
Worst Case
Authenticated attacker gains SYSTEM/root privileges by replacing legitimate files with malicious ones, leading to complete system compromise.
Likely Case
Local user with standard privileges gains administrative access to install malware, modify system configurations, or access sensitive data.
If Mitigated
With proper access controls and least privilege principles, impact is limited to the specific Intel Advisor installation directory only.
🎯 Exploit Status
Exploitation requires authenticated local access and knowledge of file system locations. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2021.4.0 or later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00594.html
Restart Required: No
Instructions:
1. Download Intel Advisor version 2021.4.0 or later from Intel's website. 2. Uninstall previous versions. 3. Install the updated version. 4. Verify installation completed successfully.
🔧 Temporary Workarounds
Manual permission hardening
allManually set restrictive permissions on Intel Advisor installation directories
Windows: icacls "C:\Program Files\Intel\Advisor\*" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
Linux: chmod -R 755 /opt/intel/advisor && chown -R root:root /opt/intel/advisor
🧯 If You Can't Patch
- Remove Intel Advisor from systems where it's not essential
- Implement strict access controls and monitor file modifications in Intel Advisor directories
🔍 How to Verify
Check if Vulnerable:
Check Intel Advisor version: Windows - Check Programs and Features; Linux - Run 'advisor --version' or check package managerCheck Version:
Windows: Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like '*Intel Advisor*'} | Select-Object Name, Version; Linux: advisor --version 2>/dev/null || rpm -qa | grep advisor || dpkg -l | grep advisorVerify Fix Applied:
Verify installed version is 2021.4.0 or later and check directory permissions are properly set📡 Detection & Monitoring
Log Indicators:
- Unexpected file modifications in Intel Advisor directories
- Unauthorized privilege escalation attempts
- Installation of Intel Advisor older than 2021.4.0
Network Indicators:
- None - local vulnerability only
SIEM Query:
EventID=4688 OR ProcessName='advisor' AND (CommandLine LIKE '%install%' OR CommandLine LIKE '%setup%') AND NOT Version LIKE '2021.4.%'