Main Vulnerability Database Vulnerabilities #VU60479

#VU60479 Insufficiently protected credentials in Intel products - CVE-2021-33107

Published: February 9, 2022

Vulnerability identifier: #VU60479

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-33107

CWE-ID: CWE-522

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Active Management Technology SDK
Intel Setup and Configuration Software (SCS)
Intel Management Engine BIOS eXtensions (MEBx)
Intel 500 series chipset
Intel 400 Series Chipset
8th Generation Intel Core Processors
Pentium Gold processor series (G54XXU)
Intel Celeron Processor 4000 Series
Intel 300 Series Chipset
Intel C240 Series Chipset
Intel 200 Series Chipset
Intel 100 Series Chipset
Intel C230 series chipset
Intel C420 Chipset
Intel C620 Series Chipset

Software vendor:
Intel

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials in USB provisioning. An attacker with physical access can obtain credentials and gain elevated privileges on the system.

Remediation

Install updates from vendor's website.

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.html

#VU60479 Insufficiently protected credentials in Intel products - CVE-2021-33107

Description

Remediation

External links

Please verify you're human