CVE-2021-33076

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 72.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel SSD 600p Firmware Intel SSD 660p Firmware Intel SSD 665p Firmware +26 more

Timeline

PublishedSep 20

Latest updateSep 21

Description

Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 0.9 | Impact: 4.0

Affected Packages30 packages

▶NVDintel/ssd_600p_firmware< 122c

▶NVDintel/ssd_660p_firmware< 005c

▶NVDintel/ssd_665p_firmware< 002c

▶NVDintel/ssd_670p_firmware< 003c

▶NVDintel/ssd_700p_firmware< 005c

🔴Vulnerability Details

GHSA

GHSA-3wv4-m62m-7h6v: Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege↗2022-09-21

▶

CVEList

CVE-2021-33076: Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege↗2022-09-20

▶