Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27391

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7, requiring local system access to exploit with relatively low complexity without requiring user interaction . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 29 products from intel, from intel, from intel and 26 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2023, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2023-08-11T03:15:21.893

Last Modified

2024-11-21T07:52:48.887

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-284
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application intel advisor_for_oneapi < 2023.1 Yes
Application intel cpu_runtime_for_opencl_applications < 2023.1 Yes
Application intel distribution_for_python_programming_language < 2023.1 Yes
Application intel dpc\+\+_compatibility_tool < 2023.1 Yes
Application intel embree_ray_tracing_kernel_library < 2023.1 Yes
Application intel fortran_compiler < 2023.1 Yes
Application intel implicit_spmd_program_compiler < 1.19.1 Yes
Application intel inspector_for_oneapi < 2023.1 Yes
Application intel integrated_performance_primitives < 2021.8 Yes
Application intel ipp_cryptography < 2021.7.0 Yes
Application intel mpi_library < 2021.9.0 Yes
Application intel oneapi_base_toolkit < 2023.1 Yes
Application intel oneapi_data_analytics_library < 2023.1 Yes
Application intel oneapi_deep_neural_network_library < 2023.1 Yes
Application intel oneapi_dpc\+\+\/c\+\+_compiler < 2023.1 Yes
Application intel oneapi_dpc\+\+_library_\(onedpl\) < 2022.1 Yes
Application intel oneapi_hpc_toolkit < 2023.1 Yes
Application intel oneapi_iot_toolkit < 2023.1 Yes
Application intel oneapi_math_kernel_library < 2023.1 Yes
Application intel oneapi_rendering_toolkit < 2023.1 Yes
Application intel oneapi_threading_building_blocks < 2021.9.0 Yes
Application intel oneapi_toolkit_and_component_software_installer < 4.3.1.493 Yes
Application intel oneapi_video_processing_library < 2023.1 Yes
Application intel open_image_denoise < 1.4.3 Yes
Application intel open_volume_kernel_library < 2023.1 Yes
Application intel ospray < 2023.1 Yes
Application intel ospray_studio < 2023.1 Yes
Application intel trace_analyzer_and_collector < 2021.9.0 Yes
Application intel vtune_profiler_for_oneapi < 2023.1 Yes
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For intel's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.