CVE-2021-33117

Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html	Vendor Advisory
https://security.netapp.com/advisory/ntap-20220818-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:bios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:xeon_gold_5318h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6328h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8353h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8354h:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6348h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8376h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8356h:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360hl:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6328hl:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8376hl:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380hl:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8351n:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352y:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8358:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8380:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6346:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6348:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352s:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352v:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8358p:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8368:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8368q:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6314u:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6330:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6354:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360y:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4314:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4316:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5317:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318n:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318s:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5318y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320t:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6312u:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6326:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6334:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6336y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6338t:-:::::::*
	cpe:2.3:h:intel:xeon_gold_6342:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4309y:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4310:-:::::::*
	cpe:2.3:h:intel:xeon_silver_4310t:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5315y:-:::::::*
	cpe:2.3:h:intel:xeon_gold_5320:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8352m:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8362:-:::::::*
	cpe:2.3:h:intel:xeon_platinum_8360h:-:::::::*

Configuration 2 (hide)

cpe:2.3:o:netapp:fas\/aff_bios:-:*:*:*:*:*:*:*

Information

Published : 2022-05-12 10:15

Updated : 2022-10-26 15:48

NVD link : CVE-2021-33117

Mitre link : CVE-2021-33117

JSON object : View

CWE

NVD-CWE-Other

Products Affected

intel

xeon_gold_6328h
xeon_platinum_8351n
xeon_gold_5320
xeon_gold_6346
xeon_platinum_8360y
xeon_platinum_8352m
xeon_platinum_8360h
xeon_gold_6328hl
xeon_gold_6330h
xeon_platinum_8360hl
xeon_silver_4310
xeon_gold_5318y
xeon_gold_5315y
xeon_platinum_8380
xeon_silver_4310t
xeon_platinum_8368q
xeon_gold_6336y
xeon_platinum_8358
xeon_platinum_8356h
xeon_gold_6354
xeon_gold_6348
xeon_silver_4316
xeon_gold_5320t
xeon_gold_6312u
xeon_gold_6326
xeon_platinum_8362
bios
xeon_gold_6342
xeon_gold_6338n
xeon_silver_4309y
xeon_silver_4314
xeon_platinum_8353h
xeon_platinum_8352y
xeon_gold_5318h
xeon_platinum_8352v
xeon_gold_6330
xeon_gold_6334
xeon_gold_6330n
xeon_platinum_8358p
xeon_platinum_8352s
xeon_gold_6348h
xeon_gold_5318n
xeon_platinum_8380h
xeon_platinum_8380hl
xeon_platinum_8354h
xeon_gold_6338
xeon_gold_5318s
xeon_gold_6314u
xeon_gold_5320h
xeon_gold_5317
xeon_gold_6338t
xeon_platinum_8376h
xeon_platinum_8376hl
xeon_platinum_8368

netapp

fas\/aff_bios

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20220818-0001/", "name": "https://security.netapp.com/advisory/ntap-20220818-0001/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-33117", "ASSIGNER": "secure@intel.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2022-05-12T17:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:intel:bios:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "mr7"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6328h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6348h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6328hl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6346:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6348:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6314u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6330:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6354:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4314:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4316:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5317:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318n:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5318y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6312u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6326:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6334:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6336y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6338t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_6342:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4309y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_silver_4310t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5315y:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_gold_5320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:netapp:fas\\/aff_bios:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-10-26T22:48Z"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-33117

5.5^/10

2.1^/10

Attach tags to `CVE-2021-33117`