SB2021061523 - Multiple vulnerabilities in Intel Unite Client for Windows
Published: June 15, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Unquoted Search Path or Element (CVE-ID: CVE-2021-0112)
CWE-ID: CWE-428 - Unquoted Search Path or Element
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to unquoted service path. A local user can gain elevated privileges on the target system.
2) Improper access control (CVE-ID: CVE-2021-0098)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.
3) Unquoted Search Path or Element (CVE-ID: CVE-2021-0108)
CWE-ID: CWE-428 - Unquoted Search Path or Element
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to uncontrolled search path. A local user can gain elevated privileges on the target system.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-0102)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure inherited permissions, which leads to security restrictions bypass and privilege escalation.
Remediation
Install update from vendor's website.