CVE-2021-33107
Severity CVSS v4.0:
Pending analysis
Type:
CWE-522
Insufficiently Protected Credentials
Publication date:
09/02/2022
Last modified:
05/05/2025
Description
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.
Impact
Base Score 3.x
4.60
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:intel:active_management_technology_software_development_kit:*:*:*:*:*:*:*:* | 16.0.3 (excluding) | |
| cpe:2.3:a:intel:setup_and_configuration_software:*:*:*:*:*:*:*:* | 12.2 (excluding) | |
| cpe:2.3:a:intel:management_engine_bios_extension:*:*:*:*:*:*:*:* | 15.0.0.0004 (excluding) | |
| cpe:2.3:h:intel:b560:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:h510:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:h570:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:q570:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:w580:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:z590:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:intel:management_engine_bios_extension:*:*:*:*:*:*:*:* | 14.0.0.0004 (excluding) | |
| cpe:2.3:h:intel:b460:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:h410:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:h420e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:h470:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:intel:q470:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html