CVE-2021-0200

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 68.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Ethernet Controller V710-at2 Firmware Intel Ethernet Controller X710-am2 Firmware Intel Ethernet Controller X710-at2 Firmware +8 more

Timeline

PublishedNov 17

Latest updateMay 24

Description

Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages12 packages

▶CVEListV5intel(r)_ethernet_700_series_controllersbefore version 8.2

▶NVDintel/ethernet_controller_v710-at2_firmware< 8.2

▶NVDintel/ethernet_controller_x710-am2_firmware< 8.2

▶NVDintel/ethernet_controller_x710-at2_firmware< 8.2

▶NVDintel/ethernet_controller_x710-bm2_firmware< 8.2

🔴Vulnerability Details

GHSA

GHSA-98pq-6473-xgg2: Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8↗2022-05-24

▶

CVEList

CVE-2021-0200: Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8↗2021-11-17

▶