CVE-2021-33146

CWE-20 — Improper Input Validation CWE-200 — Information Exposure2 documents2 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 61.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Ethernet Adapter Complete Driver Intel Ethernet Controller I225-it Firmware Intel Ethernet Controller I225-lm Firmware +1 more

Timeline

PublishedFeb 23

Latest updateMay 16

Description

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5intel(r)_ethernet_adapters_and_intel(r)_ethernet_controller_i225_manageability_firmwareSee references

▶NVDintel/ethernet_controller_i225-v_firmware< 1.87

▶NVDintel/ethernet_controller_i225-it_firmware< 1.87

▶NVDintel/ethernet_controller_i225-lm_firmware< 1.87

▶NVDintel/ethernet_adapter_complete_driver< 29.0.1

🔴Vulnerability Details

CVEList

CVE-2021-33146: Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated↗2024-05-16

▶