CVE-2021-0199

CWE-20 — Improper Input Validation10 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 69.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Ethernet Network Controller E810-cam1 Firmware Intel Ethernet Network Controller E810-cam2 Firmware Intel Ethernet Network Controller E810-xxvam2 Firmware

Timeline

PublishedNov 17

Latest updateMay 24

Description

Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

▶NVDintel/ethernet_network_controller_e810-cam1_firmware< 1.6.0.6

▶NVDintel/ethernet_network_controller_e810-cam2_firmware< 1.6.0.6

▶NVDintel/ethernet_network_controller_e810-xxvam2_firmware< 1.6.0.6

▶CVEListV5intel(r)_ethernet_network_controller_e810before version 1.6.0.6

🔴Vulnerability Details

GHSA

GHSA-98gv-gv6p-g6h2: Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1↗2022-05-24

▶

CVEList

CVE-2021-0199: Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1↗2021-11-17

▶

🕵️Threat Intelligence

Trendmicro

FormBook Adds Latest Office 365 0-Day Vulnerability CVE-2021-40444 to Its Arsenal↗2021-09-29

▶