Details of VAR-202302-1249

ID

VAR-202302-1249

CVE

CVE-2021-33104

TITLE

Intel's one boot flash update Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-020464

DESCRIPTION

Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. Intel's one boot flash update Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-33104 // JVNDB: JVNDB-2021-020464 // VULHUB: VHN-393118 // VULMON: CVE-2021-33104

AFFECTED PRODUCTS

vendor:	intel	model:	one boot flash update	scope:	lt	version:	14.1.28	Trust: 1.0
vendor:	インテル	model:	one boot flash update	scope:	eq	version:	14.1.28	Trust: 0.8
vendor:	インテル	model:	one boot flash update	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	one boot flash update	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-020464 // NVD: CVE-2021-33104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33104
value:	MEDIUM
Trust: 1.0
secure@intel.com:	CVE-2021-33104
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-33104
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202302-1328
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-33104
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2021-33104
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33104
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-020464 // CNNVD: CNNVD-202302-1328 // NVD: CVE-2021-33104 // NVD: CVE-2021-33104

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-020464 // NVD: CVE-2021-33104

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1328

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1328

PATCH

title:

Intel One Boot Flash Utility Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=225841

Trust: 0.6

sources: CNNVD: CNNVD-202302-1328

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33104	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-020464	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0907	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1328	Trust: 0.6
db:	VULHUB	id:	VHN-393118	Trust: 0.1
db:	VULMON	id:	CVE-2021-33104	Trust: 0.1

sources: VULHUB: VHN-393118 // VULMON: CVE-2021-33104 // JVNDB: JVNDB-2021-020464 // CNNVD: CNNVD-202302-1328 // NVD: CVE-2021-33104

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00769.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33104	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-33104/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0907	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-393118 // VULMON: CVE-2021-33104 // JVNDB: JVNDB-2021-020464 // CNNVD: CNNVD-202302-1328 // NVD: CVE-2021-33104

SOURCES

db:	VULHUB	id:	VHN-393118
db:	VULMON	id:	CVE-2021-33104
db:	JVNDB	id:	JVNDB-2021-020464
db:	CNNVD	id:	CNNVD-202302-1328
db:	NVD	id:	CVE-2021-33104

LAST UPDATE DATE

2024-08-14T12:41:00.319000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393118	date:	2023-03-06T00:00:00
db:	VULMON	id:	CVE-2021-33104	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-020464	date:	2023-10-31T06:28:00
db:	CNNVD	id:	CNNVD-202302-1328	date:	2023-03-07T00:00:00
db:	NVD	id:	CVE-2021-33104	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393118	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2021-33104	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-020464	date:	2023-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202302-1328	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2021-33104	date:	2023-02-16T21:15:11.327