Intel Serial IO driver: Increased privileges - Existing account

=========================================================================== 
                         ZMCIRT Vulnerability Bulletin

                             ZMC-2021.11.15.0800
                       Intel Serial IO driver: Increased privileges - Existing account
                               15th November 2021

===========================================================================

Product:           Intel Serial IO driver
Publisher:         Intel
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33118  

Original Bulletin: 
   https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00560.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Intel ID:                 INTEL-SA-00560
Advisory Category:        Software
Impact of vulnerability : Escalation of Privilege
Severity rating :         MEDIUM
Original release:         11/09/2021
Last revised:             11/09/2021

Summary:

A potential security vulnerability in the Intel Serial IO driver for Intel NUC
11 Gen may allow escalation of privilege. Intel is releasing a software update
to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2021-33118

Description: Improper access control in the software installer for the Intel(R)
Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow
an authenticated user to potentially enable escalation of privilege via local
access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel Serial IO driver for Intel NUC 11 Gen before version 30.100.2104.1.

Recommendations:

Intel recommends updating the Intel Serial IO driver for Intel NUC 11 Gen to
version 30.100.2104.1 or later.

Updates are available for download at this location: https://
downloadcenter.intel.com/download/30131/
Intel-Serial-IO-Driver-for-Intel-NUC-11-Gen

Acknowledgements:

Intel would like to thank Mazoz Ocher for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice
called Coordinated Disclosure, under which a cybersecurity vulnerability is
generally publicly disclosed only after mitigations are available.

Revision History

Revision    Date      Description
1.0      11/09/2021 Initial Release




- --------------------------END INCLUDED TEXT--------------------





 
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Internet Email: report@cirt.zm     
Telephone:     7070 
                ZMCIRT personnel answer during Zambian business hours 
                which are 8am to 5pm.
                On call after hours for member emergencies only.
===========================================================================