Sign-up

ID

VAR-202205-1013


CVE

CVE-2021-33080


TITLE

Vulnerability regarding deletion of sensitive information before storage or transfer in multiple Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2021-019620

DESCRIPTION

Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-33080 // JVNDB: JVNDB-2021-019620 // VULMON: CVE-2021-33080

AFFECTED PRODUCTS

vendor:intelmodel:optane ssd 905pscope:ltversion:fw600

Trust: 1.0

vendor:intelmodel:optane memory h10 with solid state storagescope:ltversion:tgf061k

Trust: 1.0

vendor:intelmodel:optane memory h20 with solid state storagescope:ltversion:pgf028k

Trust: 1.0

vendor:intelmodel:optane ssd p5800xscope:ltversion:l0310200

Trust: 1.0

vendor:intelmodel:optane ssd dc p4801xscope:ltversion:e2010600

Trust: 1.0

vendor:intelmodel:optane ssd 900pscope:ltversion:fw600

Trust: 1.0

vendor:intelmodel:optane ssd dc p4800xscope:ltversion:e2010600

Trust: 1.0

vendor:インテルmodel:optane ssd dc p4800xscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane ssd p5800xscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane memory h10 with solid state storagescope: - version: -

Trust: 0.8

vendor:インテルmodel:optane ssd dc p4801xscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel optane ssd 905pscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel optane ssd 900pscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane memory h20 with solid state storagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019620 // NVD: CVE-2021-33080

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-33080
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202205-3142
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-33080
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-33080
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-33080
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-33080 // JVNDB: JVNDB-2021-019620 // NVD: CVE-2021-33080 // CNNVD: CNNVD-202205-3142

PROBLEMTYPE DATA

problemtype:CWE-212

Trust: 1.0

problemtype:Improper removal of important information prior to storage or transfer (CWE-212) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019620 // NVD: CVE-2021-33080

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3142

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-33080

PATCH
title:Multiple Intel Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193821
Trust: 0.6
title:Threatposturl:https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2022/05/12/intel_product_bugs/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33080 // 
            
            
            
            CNNVD: CNNVD-202205-3142

EXTERNAL IDS
db:NVDid:CVE-2021-33080
Trust: 3.3
db:JVNid:JVNVU93344744
Trust: 0.8
db:JVNDBid:JVNDB-2021-019620
Trust: 0.8
db:CNNVDid:CNNVD-202205-3142
Trust: 0.6
db:VULMONid:CVE-2021-33080
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33080 // 
            
            
            
            JVNDB: JVNDB-2021-019620 // 
            
            
            
            NVD: CVE-2021-33080 // 
            
            
            
            CNNVD: CNNVD-202205-3142

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html
Trust: 2.5
url:https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/solidigm%20sa-000563%20rev1.1.pdf
Trust: 1.6
url:https://jvn.jp/vu/jvnvu93344744/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2021-33080
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2021-33080/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33080 // 
            
            
            
            JVNDB: JVNDB-2021-019620 // 
            
            
            
            NVD: CVE-2021-33080 // 
            
            
            
            CNNVD: CNNVD-202205-3142

SOURCES
db:VULMONid:CVE-2021-33080
db:JVNDBid:JVNDB-2021-019620
db:NVDid:CVE-2021-33080
db:CNNVDid:CNNVD-202205-3142

LAST UPDATE DATE
2023-12-18T11:00:48.340000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-33080date:2022-05-23T00:00:00
db:JVNDBid:JVNDB-2021-019620date:2023-08-07T08:16:00
db:NVDid:CVE-2021-33080date:2022-10-07T13:58:36.250
db:CNNVDid:CNNVD-202205-3142date:2022-09-21T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-33080date:2022-05-12T00:00:00
db:JVNDBid:JVNDB-2021-019620date:2023-08-07T00:00:00
db:NVDid:CVE-2021-33080date:2022-05-12T17:15:09.087
db:CNNVDid:CNNVD-202205-3142date:2022-05-12T00:00:00