A potential security vulnerability in the Intel® System Studio software may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® System Studio software.
CVEID: CVE-2021-33064
Description: Uncontrolled search path in the software installer for Intel® System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Intel® System Studio software all versions.
Intel has issued a Product Discontinuation Notice for the Intel® System Studio software and recommends that users of the Intel® System Studio software uninstall it or discontinue use at their earliest convenience.
Intel® oneAPI is considered as the successor product to replace the System Studio software. Intel® oneAPI installer is based on code which does not have the issue in question.
Intel would like to thank houjingyi for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.