Sign-up

ID

VAR-202211-0554


CVE

CVE-2021-33159


TITLE

Intel's  Intel Active Management Technology  Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-020533

DESCRIPTION

Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. Intel's Intel Active Management Technology An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-33159 // JVNDB: JVNDB-2021-020533 // VULHUB: VHN-393173

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:ltversion:16.1.25

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.8.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.22.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.22.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:11.12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:15.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:15.0.42

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:16.1.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:12.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:14.1.67

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:14.1

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:11.12.93

Trust: 1.0

vendor:intelmodel:active management technologyscope:ltversion:12.0.92

Trust: 1.0

vendor:インテルmodel:intel active management technologyscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel active management technologyscope:eqversion:intel active management technology firmware 15.0 that's all 15.0.42

Trust: 0.8

vendor:インテルmodel:intel active management technologyscope:eqversion:intel active management technology firmware 11.8.93

Trust: 0.8

vendor:インテルmodel:intel active management technologyscope:eqversion: -

Trust: 0.8

vendor:インテルmodel:intel active management technologyscope:eqversion:intel active management technology firmware 11.12.0 that's all 11.12.93

Trust: 0.8

vendor:インテルmodel:intel active management technologyscope:eqversion:intel active management technology firmware 14.1 that's all 14.1.67

Trust: 0.8

vendor:インテルmodel:intel active management technologyscope:eqversion:intel active management technology firmware 11.22.0 that's all 11.22.93

Trust: 0.8

vendor:インテルmodel:intel active management technologyscope:eqversion:intel active management technology firmware 16.1.0 that's all 16.1.25

Trust: 0.8

vendor:インテルmodel:intel active management technologyscope:eqversion:intel active management technology firmware 12.0 that's all 12.0.92

Trust: 0.8

sources: JVNDB: JVNDB-2021-020533 // NVD: CVE-2021-33159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33159
value: MEDIUM

Trust: 1.0

secure@intel.com: CVE-2021-33159
value: HIGH

Trust: 1.0

NVD: CVE-2021-33159
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2494
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-33159
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2021-33159
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.1
impactScore: 5.8
version: 3.1

Trust: 1.0

NVD: CVE-2021-33159
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-020533 // CNNVD: CNNVD-202211-2494 // NVD: CVE-2021-33159 // NVD: CVE-2021-33159

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-393173 // JVNDB: JVNDB-2021-020533 // NVD: CVE-2021-33159

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2494

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202211-2494

PATCH

title:Multiple Intel Product Authorization Issue Vulnerability Fixing Measuresurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=214627

Trust: 0.6

sources: CNNVD: CNNVD-202211-2494

EXTERNAL IDS

db:NVDid:CVE-2021-33159

Trust: 3.3

db:JVNid:JVNVU94499505

Trust: 0.8

db:JVNDBid:JVNDB-2021-020533

Trust: 0.8

db:AUSCERTid:ESB-2022.5834

Trust: 0.6

db:CNNVDid:CNNVD-202211-2494

Trust: 0.6

db:VULHUBid:VHN-393173

Trust: 0.1

sources: VULHUB: VHN-393173 // JVNDB: JVNDB-2021-020533 // CNNVD: CNNVD-202211-2494 // NVD: CVE-2021-33159

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html

Trust: 2.5

url:https://jvn.jp/vu/jvnvu94499505/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-33159

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-33159/

Trust: 0.6

url:https://vigilance.fr/vulnerability/intel-amt-csme-sps-multiple-vulnerabilities-39877

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5834

Trust: 0.6

sources: VULHUB: VHN-393173 // JVNDB: JVNDB-2021-020533 // CNNVD: CNNVD-202211-2494 // NVD: CVE-2021-33159

SOURCES

db:VULHUBid:VHN-393173
db:JVNDBid:JVNDB-2021-020533
db:CNNVDid:CNNVD-202211-2494
db:NVDid:CVE-2021-33159

LAST UPDATE DATE

2024-08-14T12:06:38.694000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-393173date:2022-11-17T00:00:00
db:JVNDBid:JVNDB-2021-020533date:2023-11-07T08:19:00
db:CNNVDid:CNNVD-202211-2494date:2022-11-18T00:00:00
db:NVDid:CVE-2021-33159date:2023-05-22T15:27:24.463

SOURCES RELEASE DATE

db:VULHUBid:VHN-393173date:2022-11-11T00:00:00
db:JVNDBid:JVNDB-2021-020533date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-202211-2494date:2022-11-09T00:00:00
db:NVDid:CVE-2021-33159date:2022-11-11T16:15:11.440