CVE Vulnerability

CVE-2021-33107

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

2.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

4.6 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.html Patch Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:intel:setup_and_configuration_software:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:active_management_technology_software_development_kit:*:*:*:*:*:*:*:*
Information

Published : 2022-02-09 11:15

Updated : 2022-07-28 09:30

NVD link : CVE-2021-33107

Mitre link : CVE-2021-33107

Products Affected

Intel

Pentium Gold G5400

CWE
CWE-522