CVE-2021-33107 — Insufficiently Protected Credentials in Intel Active Management Technology Software Development KIT

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 79.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Active Management Technology Software Development KIT Intel Management Engine Bios Extension Intel Setup AND Configuration Software

Timeline

PublishedFeb 9

Latest updateFeb 11

Description

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages3 packages

▶NVDintel/management_engine_bios_extension< 15.0.0.0004+3

▶NVDintel/setup_and_configuration_software< 12.2

▶NVDintel/active_management_technology_software_development_kit< 16.0.3

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-343q-2m8h-67wf: Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16↗2022-02-11

▶

CVEList

CVE-2021-33107: Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16↗2022-02-09

▶