Detections
Analytics

Intel oneAPI Base Toolkit < 2024.1.0 Multiple Vulnerabilities

medium Nessus Plugin ID 298979

Synopsis

The remote Windows host contains a library that is affected by multiple vulnerabilities.

Description

Multiple vulnerabilities exist in Intel oneAPI Base Toolkit versions prior to 2024.1.0. See vendor advisory for more details.

- Incorrect default permissions for some Intel® oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2024-21784)

 - Incorrect default permissions in some Intel® Distribution for GDB software may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2024-28887)

 - Uncontrolled search path for some Intel® oneAPI Compiler software may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2024-21766)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Intel oneAPI Base Toolkit 2024.1.0 or later.

See Also

http://www.nessus.org/u?c0eaaea6

http://www.nessus.org/u?e6b677bf

http://www.nessus.org/u?df8a8397

http://www.nessus.org/u?abf0b858

http://www.nessus.org/u?61257955

http://www.nessus.org/u?205de488

Plugin Details

Severity: Medium

ID: 298979

File Name: intel_oneapi_base_toolkit_2024_1_0.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 2/13/2026

Updated: 2/13/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-26025

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2024-26025

Vulnerability Information

CPE: cpe:/a:intel:oneapi_base_toolkit

Required KB Items: installed_sw/oneAPI Base Toolkit

Patch Publication Date: 8/12/2024

Vulnerability Publication Date: 8/12/2024

Reference Information

CVE: CVE-2024-21766, CVE-2024-21784, CVE-2024-21857, CVE-2024-23491, CVE-2024-23495, CVE-2024-24973, CVE-2024-25562, CVE-2024-26025, CVE-2024-28887

IAVA: 2024-A-0486