CVE-2024-28172

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel Trace Analyzer and Collector allows authenticated local users to escalate privileges by manipulating the software's search path. It affects users running vulnerable versions of this Intel software on their systems.

💻 Affected Systems

Products:
  • Intel Trace Analyzer and Collector
Versions: All versions before 2022.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local authenticated access to the system where the software is installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker gains full administrative/root privileges on the system, potentially compromising the entire host.

🟠 Likely Case

Local authenticated user elevates privileges to execute code with higher permissions than intended.

🟢 If Mitigated

With proper access controls and patching, impact is limited to authorized users with legitimate access.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local authenticated users could exploit this for privilege escalation within the environment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local authenticated access and knowledge of the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2022.1 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html

Restart Required: Yes

Instructions:

1. Download Intel Trace Analyzer and Collector version 2022.1 or later from Intel's website.
2. Uninstall the vulnerable version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

  • Restrict local user access (all): Limit which users have local access to systems running the vulnerable software
  • Remove unnecessary installations (all): Uninstall Intel Trace Analyzer and Collector if not required for operations

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can log into affected systems
  • Monitor for privilege escalation attempts and unusual process behavior

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Intel Trace Analyzer and Collector. If version is earlier than 2022.1, the system is vulnerable.

Check Version:

Check the software's About dialog or installation directory for version information

Verify Fix Applied:

Verify that Intel Trace Analyzer and Collector version is 2022.1 or later after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation with elevated privileges
  • Access to Intel Trace Analyzer and Collector binaries by non-standard users

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

Process creation events where parent process is Intel Trace Analyzer and Collector with elevated privileges
