CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
ACTIVE
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N
The version of Intel Trace Analyzer and Collectorinstalled on the remote Windows host is prior to 2022.1. It is, therefore, affected by an escalation of privilege vulnerability. For more information, consult the vendor advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(206234);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/09");
script_cve_id("CVE-2024-28172");
script_xref(name:"IAVA", value:"2024-A-0486");
script_name(english:"Intel Trace Analyzer and Collector < 2022.1 Privilege Escalation");
script_set_attribute(attribute:"synopsis", value:
"A software performance profiler application installed on the remote Windows host is affected by a privilege escalation vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Intel Trace Analyzer and Collectorinstalled on the remote Windows host is prior to 2022.1. It is,
therefore, affected by an escalation of privilege vulnerability. For more information, consult the vendor advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?14bd8122");
script_set_attribute(attribute:"solution", value:
"Upgrade to Intel Trace Analyzer and Collector version 2022.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-28172");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:intel:chipset_device_software");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("intel_trace_analyzer_and_collector_installed.nbin");
script_require_keys("SMB/Registry/Enumerated", "installed_sw/Intel Trace Analyzer and Collector");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'Intel Trace Analyzer and Collector', win_local:TRUE);
var constraints = [
{ 'fixed_version' : '2022.1' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
ACTIVE
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N