Sign-up

ID

VAR-202205-1051


CVE

CVE-2021-33082


TITLE

Vulnerability regarding deletion of sensitive information before storage or transfer in multiple Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2021-019619

DESCRIPTION

Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. optane ssd dc p4800x firmware, optane ssd dc p4801x firmware, optane ssd p5800x Multiple Intel products, such as firmware, contain vulnerabilities related to deletion of important information before storage or transfer.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-33082 // JVNDB: JVNDB-2021-019619 // VULMON: CVE-2021-33082

AFFECTED PRODUCTS

vendor:intelmodel:optane ssd 905pscope:ltversion:fw600

Trust: 1.0

vendor:intelmodel:optane memory h10 with solid state storagescope:ltversion:tgf061k

Trust: 1.0

vendor:intelmodel:optane memory h20 with solid state storagescope:ltversion:pgf028k

Trust: 1.0

vendor:intelmodel:optane ssd p5800xscope:ltversion:l0310200

Trust: 1.0

vendor:intelmodel:optane ssd dc p4801xscope:ltversion:e2010600

Trust: 1.0

vendor:intelmodel:optane ssd 900pscope:ltversion:fw600

Trust: 1.0

vendor:intelmodel:optane ssd dc p4800xscope:ltversion:e2010600

Trust: 1.0

vendor:インテルmodel:optane ssd dc p4800xscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane ssd p5800xscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane memory h10 with solid state storagescope: - version: -

Trust: 0.8

vendor:インテルmodel:optane ssd dc p4801xscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel optane ssd 905pscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel optane ssd 900pscope: - version: -

Trust: 0.8

vendor:インテルmodel:optane memory h20 with solid state storagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019619 // NVD: CVE-2021-33082

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-33082
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202205-3141
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-33082
value: LOW

Trust: 0.1

NVD:
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-33082
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-33082
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-33082 // JVNDB: JVNDB-2021-019619 // NVD: CVE-2021-33082 // CNNVD: CNNVD-202205-3141

PROBLEMTYPE DATA

problemtype:CWE-212

Trust: 1.0

problemtype:Improper removal of important information prior to storage or transfer (CWE-212) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019619 // NVD: CVE-2021-33082

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3141

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-33082

PATCH
title:Multiple Intel Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=193820
Trust: 0.6
title:Threatposturl:https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33082 // 
            
            
            
            CNNVD: CNNVD-202205-3141

EXTERNAL IDS
db:NVDid:CVE-2021-33082
Trust: 3.3
db:JVNid:JVNVU93344744
Trust: 0.8
db:JVNDBid:JVNDB-2021-019619
Trust: 0.8
db:CNNVDid:CNNVD-202205-3141
Trust: 0.6
db:VULMONid:CVE-2021-33082
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33082 // 
            
            
            
            JVNDB: JVNDB-2021-019619 // 
            
            
            
            NVD: CVE-2021-33082 // 
            
            
            
            CNNVD: CNNVD-202205-3141

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html
Trust: 2.5
url:https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/solidigm%20sa-000563%20rev1.1.pdf
Trust: 1.6
url:https://jvn.jp/vu/jvnvu93344744/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2021-33082
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2021-33082/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-33082 // 
            
            
            
            JVNDB: JVNDB-2021-019619 // 
            
            
            
            NVD: CVE-2021-33082 // 
            
            
            
            CNNVD: CNNVD-202205-3141

SOURCES
db:VULMONid:CVE-2021-33082
db:JVNDBid:JVNDB-2021-019619
db:NVDid:CVE-2021-33082
db:CNNVDid:CNNVD-202205-3141

LAST UPDATE DATE
2023-12-18T11:52:52.121000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-33082date:2022-05-23T00:00:00
db:JVNDBid:JVNDB-2021-019619date:2023-08-07T08:16:00
db:NVDid:CVE-2021-33082date:2022-10-07T13:58:39.500
db:CNNVDid:CNNVD-202205-3141date:2022-09-21T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-33082date:2022-05-12T00:00:00
db:JVNDBid:JVNDB-2021-019619date:2023-08-07T00:00:00
db:NVDid:CVE-2021-33082date:2022-05-12T17:15:09.123
db:CNNVDid:CNNVD-202205-3141date:2022-05-12T00:00:00