CVE-2021-33077

3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 77.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Optane Memory H10 With Solid State Storage Firmware Intel Optane Memory H20 With Solid State Storage Firmware Intel Optane SSD 900p Firmware +4 more

Timeline

PublishedMay 12

Latest updateMay 13

Description

Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages7 packages

▶NVDintel/optane_ssd_900p_firmware< fw600

▶NVDintel/optane_ssd_905p_firmware< fw600

▶NVDintel/optane_ssd_p5800x_firmware< l0310200

▶NVDintel/optane_ssd_dc_p4800x_firmware< e2010600

▶NVDintel/optane_ssd_dc_p4801x_firmware< e2010600

🔴Vulnerability Details

GHSA

GHSA-fpf8-xccp-3wqf: Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthentica↗2022-05-13

▶

CVEList

CVE-2021-33077: Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthentica↗2022-05-12

▶