The latest security information on Intel® products.

Summary: 

Potential security vulnerabilities in the Intel® Server Debug and Provisioning Tool for Windows software (Intel® SDP) may allow escalation of privilege. Intel is not releasing software updates to mitigate these potential vulnerabilities and has issued a product discontinuation notice for Intel® SDP Tool for Windows.

Vulnerability Details: 

CVEID:  CVE-2024-35201

Description: Incorrect default permissions in the Intel® SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access.

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2024-36253

Description: Uncontrolled search path in the Intel® SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

Intel® SDP Tool for Windows software all versions.

Recommendation:

Intel has issued a product discontinuation notice for Intel® SDP Tool for Windows software as of November 12, 2024 the Intel® SDP Tool for Windows software is not supported with any additional functional, security, or other updates. Intel recommends that users of the Intel® SDP Tool for Windows software uninstall it or discontinue use as soon as possible.

Acknowledgements:

Intel would like to thank Mohamed amine Saidani for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.