Sign-up

ID

VAR-202205-0949


CVE

CVE-2021-33083


TITLE

Authentication Vulnerability in Multiple Intel Products

Trust: 0.8

sources: JVNDB: JVNDB-2021-019618

DESCRIPTION

Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access

Trust: 1.71

sources: NVD: CVE-2021-33083 // JVNDB: JVNDB-2021-019618 // VULMON: CVE-2021-33083

AFFECTED PRODUCTS

vendor:intelmodel:optane ssd 905pscope:ltversion:fw600

Trust: 1.0

vendor:intelmodel:optane memory h10 with solid state storagescope:ltversion:tgf061k

Trust: 1.0

vendor:intelmodel:optane memory h20 with solid state storagescope:ltversion:pgf028k

Trust: 1.0

vendor:intelmodel:optane ssd p5800xscope:ltversion:l0310200

Trust: 1.0

vendor:intelmodel:optane ssd dc p4801xscope:ltversion:e2010600

Trust: 1.0

vendor:intelmodel:optane ssd 900pscope:ltversion:fw600

Trust: 1.0

vendor:intelmodel:optane ssd dc p4800xscope:ltversion:e2010600

Trust: 1.0

vendor:インテルmodel:optane ssd dc p4800xscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane ssd p5800xscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane memory h10 with solid state storagescope: - version: -

Trust: 0.8

vendor:インテルmodel:optane ssd dc p4801xscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel optane ssd 905pscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel optane ssd 900pscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane memory h20 with solid state storagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019618 // NVD: CVE-2021-33083

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-33083
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202205-3140
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-33083
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-33083
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-33083
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-33083 // JVNDB: JVNDB-2021-019618 // NVD: CVE-2021-33083 // CNNVD: CNNVD-202205-3140

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019618 // NVD: CVE-2021-33083

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-3140

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202205-3140

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-33083

PATCH
title:Multiple Intel Product Authorization Issue Vulnerability Fixing Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193819
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202205-3140

EXTERNAL IDS
db:NVDid:CVE-2021-33083
Trust: 3.3
db:JVNid:JVNVU93344744
Trust: 0.8
db:JVNDBid:JVNDB-2021-019618
Trust: 0.8
db:CNNVDid:CNNVD-202205-3140
Trust: 0.6
db:VULMONid:CVE-2021-33083
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33083 // 
            
            
            
            JVNDB: JVNDB-2021-019618 // 
            
            
            
            NVD: CVE-2021-33083 // 
            
            
            
            CNNVD: CNNVD-202205-3140

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html
Trust: 2.5
url:https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/solidigm%20sa-000563%20rev1.1.pdf
Trust: 1.6
url:https://jvn.jp/vu/jvnvu93344744/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2021-33083
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2021-33083/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33083 // 
            
            
            
            JVNDB: JVNDB-2021-019618 // 
            
            
            
            NVD: CVE-2021-33083 // 
            
            
            
            CNNVD: CNNVD-202205-3140

SOURCES
db:VULMONid:CVE-2021-33083
db:JVNDBid:JVNDB-2021-019618
db:NVDid:CVE-2021-33083
db:CNNVDid:CNNVD-202205-3140

LAST UPDATE DATE
2023-12-18T10:49:59.413000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-33083date:2022-05-23T00:00:00
db:JVNDBid:JVNDB-2021-019618date:2023-08-07T08:16:00
db:NVDid:CVE-2021-33083date:2022-10-07T13:17:27.747
db:CNNVDid:CNNVD-202205-3140date:2022-09-21T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-33083date:2022-05-12T00:00:00
db:JVNDBid:JVNDB-2021-019618date:2023-08-07T00:00:00
db:NVDid:CVE-2021-33083date:2022-05-12T17:15:09.167
db:CNNVDid:CNNVD-202205-3140date:2022-05-12T00:00:00