CVE-2023-29242

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 78.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Oneapi AI Analytics Toolkit Intel Oneapi Base Toolkit Intel Oneapi DL Framework Developer Toolkit +3 more

Timeline

PublishedMay 12

Description

Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5intel(r)_oneapi_toolkitsbefore version 2021.1 Beta 10

▶NVDintel/oneapi_hpc_toolkit2021.1

▶NVDintel/oneapi_iot_toolkit2021.1

▶NVDintel/oneapi_base_toolkit2021.1

▶NVDintel/oneapi_rendering_toolkit2021.1

🔴Vulnerability Details

GHSA

GHSA-j935-p4c9-9pvj: Improper access control for Intel(R) oneAPI Toolkits before version 2021↗2023-05-12

▶

CVEList

CVE-2023-29242: Improper access control for Intel(R) oneAPI Toolkits before version 2021↗2023-05-12

▶