Sign-up

ID

VAR-202205-1012


CVE

CVE-2021-33077


TITLE

Vulnerabilities in multiple Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2021-019586

DESCRIPTION

Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-33077 // JVNDB: JVNDB-2021-019586 // VULMON: CVE-2021-33077

AFFECTED PRODUCTS

vendor:intelmodel:optane ssd 905pscope:ltversion:fw600

Trust: 1.0

vendor:intelmodel:optane memory h10 with solid state storagescope:ltversion:tgf061k

Trust: 1.0

vendor:intelmodel:optane memory h20 with solid state storagescope:ltversion:pgf028k

Trust: 1.0

vendor:intelmodel:optane ssd p5800xscope:ltversion:l0310200

Trust: 1.0

vendor:intelmodel:optane ssd dc p4801xscope:ltversion:e2010600

Trust: 1.0

vendor:intelmodel:optane ssd 900pscope:ltversion:fw600

Trust: 1.0

vendor:intelmodel:optane ssd dc p4800xscope:ltversion:e2010600

Trust: 1.0

vendor:インテルmodel:optane ssd dc p4801xscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane ssd dc p4800xscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane memory h20 with solid state storagescope: - version: -

Trust: 0.8

vendor:インテルmodel:intel optane ssd 900pscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane ssd p5800xscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel optane ssd 905pscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane memory h10 with solid state storagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019586 // NVD: CVE-2021-33077

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-33077
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202205-3144
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-33077
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-33077
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-33077
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-33077 // JVNDB: JVNDB-2021-019586 // NVD: CVE-2021-33077 // CNNVD: CNNVD-202205-3144

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019586 // NVD: CVE-2021-33077

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3144

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-33077

PATCH
title:Multiple Intel Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193562
Trust: 0.6
title:Threatposturl:https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2022/05/12/intel_product_bugs/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33077 // 
            
            
            
            CNNVD: CNNVD-202205-3144

EXTERNAL IDS
db:NVDid:CVE-2021-33077
Trust: 3.3
db:JVNid:JVNVU93344744
Trust: 0.8
db:JVNDBid:JVNDB-2021-019586
Trust: 0.8
db:CNNVDid:CNNVD-202205-3144
Trust: 0.6
db:VULMONid:CVE-2021-33077
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33077 // 
            
            
            
            JVNDB: JVNDB-2021-019586 // 
            
            
            
            NVD: CVE-2021-33077 // 
            
            
            
            CNNVD: CNNVD-202205-3144

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html
Trust: 2.5
url:https://jvn.jp/vu/jvnvu93344744/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2021-33077
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2021-33077/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33077 // 
            
            
            
            JVNDB: JVNDB-2021-019586 // 
            
            
            
            NVD: CVE-2021-33077 // 
            
            
            
            CNNVD: CNNVD-202205-3144

SOURCES
db:VULMONid:CVE-2021-33077
db:JVNDBid:JVNDB-2021-019586
db:NVDid:CVE-2021-33077
db:CNNVDid:CNNVD-202205-3144

LAST UPDATE DATE
2023-12-18T11:48:05.572000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-33077date:2022-05-19T00:00:00
db:JVNDBid:JVNDB-2021-019586date:2023-08-04T08:30:00
db:NVDid:CVE-2021-33077date:2022-07-12T17:42:04.277
db:CNNVDid:CNNVD-202205-3144date:2022-07-14T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-33077date:2022-05-12T00:00:00
db:JVNDBid:JVNDB-2021-019586date:2023-08-04T00:00:00
db:NVDid:CVE-2021-33077date:2022-05-12T17:15:09.003
db:CNNVDid:CNNVD-202205-3144date:2022-05-12T00:00:00