CVE-2021-33162

CWE-284 — Improper Access Control2 documents2 sources

Severity

8.4HIGH

EPSS

0.1%

top 81.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Ethernet Adapter Complete Driver Intel Ethernet Controller I225-it Firmware Intel Ethernet Controller I225-lm Firmware +1 more

Timeline

PublishedFeb 23

Latest updateMay 16

Description

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:HExploitability: 2.0 | Impact: 5.8

Affected Packages5 packages

▶CVEListV5intel(r)_ethernet_adapters_and_intel(r)_ethernet_controller_i225_manageability_firmwareSee references

▶NVDintel/ethernet_controller_i225-v_firmware< 1.87

▶NVDintel/ethernet_controller_i225-it_firmware< 1.87

▶NVDintel/ethernet_controller_i225-lm_firmware< 1.87

▶NVDintel/ethernet_adapter_complete_driver< 29.0.1

🔴Vulnerability Details

CVEList

CVE-2021-33162: Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated use↗2024-05-16

▶