Intel HPC Toolkit Privilege Escalation Vulnerability (INTEL-SA-01386)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(277103);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/27");

  script_cve_id("CVE-2025-35972");
  script_xref(name:"IAVA", value:"2025-A-0862");

  script_name(english:"Intel HPC Toolkit Privilege Escalation Vulnerability (INTEL-SA-01386)");

  script_set_attribute(attribute:"synopsis", value:
"A software performance profiler application installed on the remote Windows host is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"Intel® oneAPI HPC Toolkit is installed on the remote Windows host. It is, therefore, affected by an escalation
of privilege vulnerability:

  - Uncontrolled search path for the Intel® oneAPI HPC Toolkit and 2025.2: User Applications may allow an escalation of 
    privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation 
    of privilege. This result may potentially occur via local access when attack requirements are present without special internal 
    knowledge and requires active user interaction. (CVE-2025-35972)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01386.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b2564018");
  script_set_attribute(attribute:"solution", value:
"Uninstall Intel Trace Analyzer and Collector.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-35972");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/11/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:intel:oneapi_hpc_toolkit");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("intel_hpc_toolkit_installed.nbin");
  script_require_keys("SMB/Registry/Enumerated", "installed_sw/Intel HPC Toolkit");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'Intel HPC Toolkit', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '2025.2'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:result);