CVE-2021-33080

CWE-2123 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 64.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Optane Memory H10 With Solid State Storage Firmware Intel Optane Memory H20 With Solid State Storage Firmware Intel Optane SSD 900p Firmware +4 more

Timeline

PublishedMay 12

Latest updateMay 13

Description

Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages7 packages

▶NVDintel/optane_ssd_900p_firmware< fw600

▶NVDintel/optane_ssd_905p_firmware< fw600

▶NVDintel/optane_ssd_p5800x_firmware< l0310200

▶NVDintel/optane_ssd_dc_p4800x_firmware< e2010600

▶NVDintel/optane_ssd_dc_p4801x_firmware< e2010600

🔴Vulnerability Details

GHSA

GHSA-qmqw-hp6j-fxqv: Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R)↗2022-05-13

▶

CVEList

CVE-2021-33080: Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R)↗2022-05-12

▶