CVE-2021-0198 — Incorrect Authorization in Intel Ethernet Network Controller E810-cam1 Firmware

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 69.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Ethernet Network Controller E810-cam1 Firmware Intel Ethernet Network Controller E810-cam2 Firmware Intel Ethernet Network Controller E810-xxvam2 Firmware

Timeline

PublishedNov 17

Latest updateMay 24

Description

Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages3 packages

▶NVDintel/ethernet_network_controller_e810-cam1_firmware< 1.5.5.6

▶NVDintel/ethernet_network_controller_e810-cam2_firmware< 1.5.5.6

▶NVDintel/ethernet_network_controller_e810-xxvam2_firmware< 1.5.5.6

🔴Vulnerability Details

GHSA

GHSA-h3gj-5fpq-cmpr: Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1↗2022-05-24

▶

CVEList

CVE-2021-0198: Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1↗2021-11-17

▶