CVE-2021-0148 — Log File Information Exposure in Intel SSD D-s4510 Firmware

CWE-532 — Log File Information Exposure3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 81.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel SSD D-s4510 Firmware Intel SSD D7-p5500 Firmware Intel SSD D7-p5600 Firmware +8 more

Timeline

PublishedNov 17

Latest updateMay 24

Description

Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages11 packages

▶NVDintel/ssd_d-s4510_firmware< xcv10140

▶NVDintel/ssd_d7-p5500_firmware< 1.2.0+3

▶NVDintel/ssd_d7-p5600_firmware< 1.2.0+2

▶NVDintel/ssd_d7-p5608_firmware< 2cv1r106

▶NVDintel/ssd_dc_d4512_firmware< et10

🔴Vulnerability Details

GHSA

GHSA-f5c6-33cf-r833: Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure v↗2022-05-24

▶

CVEList

CVE-2021-0148: Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure v↗2021-11-17

▶