PT-2024-8767 · Intel · Intel Extension For Transformers

Sunrisexu

Published

2024-11-12

Updated

2024-11-15

CVE-2024-21799

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Intel(R) Extension for Transformers versions prior to 1.5

Description: The issue is related to path traversal in the Intel(R) Extension for Transformers software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This is due to incorrect restriction of the directory path name with limited access. Exploitation of the issue may allow an attacker to elevate their privileges.

Recommendations: For versions prior to 1.5, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting local access to the software to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2024-10382

CVE-2024-21799

Affected Products

Intel Extension For Transformers

PT-2024-8767 · Intel · Intel Extension For Transformers

CVE-2024-21799

Weakness Enumeration

Related Identifiers

Affected Products

References · 6