CVE-2023-32618

Vulnerability

An uncontrolled search path vulnerability exists in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2. The affected installers may load unintended dynamic-link libraries (DLLs) from insecure search paths, enabling an attacker with local access and valid credentials to subvert the installation process [1].

Exploitation

An attacker must have local access to the system and valid authentication credentials. Exploitation requires the attacker to place a malicious DLL in a directory that the installer searches before the intended system directory, causing the installer to load the attacker's DLL instead of the legitimate one. No user interaction beyond initiating the installer is needed [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the installer process, potentially leading to escalation of privilege on the affected system. The attacker can achieve arbitrary code execution in the context of the installer, which typically runs with elevated permissions [1].

Mitigation

The vulnerability is fixed in Intel oneAPI Toolkit and component software installers version 4.3.2 and later. Users should update to the latest version available on Intel's official website. No workaround is documented by Intel. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].