#VU83467 Protection Mechanism Failure in Intel oneAPI HPC Toolkit and MPI Library - CVE-2023-27383

Cybersecurity Help s.r.o.

Published: 2023-11-23

Vulnerability identifier: #VU83467

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-27383

CWE-ID: CWE-693

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Intel oneAPI HPC Toolkit
Universal components / Libraries / Software for developers
MPI Library
Universal components / Libraries / Libraries used by multiple products

Vendor: Intel

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote administrator on the local network can bypass implemented security restrictions and elevate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel oneAPI HPC Toolkit: before 2023.1

MPI Library: before 2021.9

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00841.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Intel oneAPI Toolkit and Component