Rewterz Threat Alert –Quasar RAT – Active IOCs
March 7, 2023Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities
March 7, 2023Rewterz Threat Alert –Quasar RAT – Active IOCs
March 7, 2023Rewterz Threat Advisory – Multiple Intel Products Vulnerabilities
March 7, 2023Severity
Medium
Analysis Summary
CVE-2022-34841 CVSS:5.7
Intel Media SDK software could allow a local authenticated attacker to gain elevated privileges on the system, caused by Improper buffer restrictions. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-26421 CVSS:6.7
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path element. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-26076 CVSS:6.7
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path element. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-26032 CVSS:6.7
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path element. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-26425 CVSS:6.7
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path element. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-25905 CVSS:6.7
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path element. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-26062 CVSS:6.7
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path element. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-26345 CVSS:6.7
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path element. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-26512 CVSS:6.7
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path element. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-25992 CVSS:6.1
Intel oneAPI Toolkits could allow a local authenticated attacker to gain elevated privileges on the system, caused by insecure inherited permissions. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-25987 CVSS:8.3
Intel oneAPI Toolkits could allow a remote attacker to gain elevated privileges on the system, caused by improper handling of Unicode encoding in source code. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-34841
- CVE-2022-26421
- CVE-2022-26076
- CVE-2022-26032
- CVE-2022-26425
- CVE-2022-25905
- CVE-2022-26062
- CVE-2022-26345
- CVE-2022-26512
- CVE-2022-25992
- CVE-2022-25987
Affected Vendors
Intel
Affected Products
- Intel Media Software Development Kit 22.2.2
- Intel oneAPI DPC++/C++ Compiler Runtime
- Intel oneAPI Deep Neural Network (oneDNN)
- Intel Distribution for Python programming language
- Intel oneAPI Collective Communications Library (oneCCL)
- Intel oneAPI Base ToolkitIntel oneAPI Data Analytics Library (oneDAL)
- Intel C++ Compiler Classic 2021.6
- Intel oneAPI HPC Toolkit
- Intel oneAPI Toolkit OpenMP
- Intel FPGA Add-on for Intel oneAPI Base Toolkit
- Intel oneAPI Toolkits oneapi-cli
- Intel oneAPI Toolkits 2021.1 Beta 9
- Intel oneAPI Toolkits
Remediation
Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.