cvelistv5 - CVE-2021-33149

CVE-2021-33149 (GCVE-0-2021-33149)

Vulnerability from cvelistv5 – Published: 2022-05-12 16:36 – Updated: 2025-05-05 16:47

Summary

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

information disclosure

Assigner

intel

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2022081…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:20.036Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220818-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-33149",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:20:48.683517Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:47:30.822Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-18T14:08:52.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220818-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2021-33149",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Processors",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See references"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220818-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220818-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2021-33149",
    "datePublished": "2022-05-12T16:36:05.000Z",
    "dateReserved": "2021-05-18T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:47:30.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:core_processors_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2762E765-9E1A-4500-A4E8-D11AC6393E84\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:core_processors:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B70FC84-662E-4FB3-9DC8-B419E25C20B6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:pentium_processors_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DF5960F-C6F8-4618-ACC5-393923DE7309\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:pentium_processors:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56FFCEC6-27E2-49D2-96D7-8550F3E0A131\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:celeron_processors_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABCFC60F-84E5-4196-ADDA-59970E2E6213\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:celeron_processors:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E17EE3B1-B545-4E8C-9758-7BC451796721\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:xeon_processors_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBCC8CD3-F2D7-4271-9E09-FF3E7DEA8FF2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_processors:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C91911E-C3E4-4816-9FAE-6B3FFD41CE8F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:itanium_processors_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D2A66EF-A3DF-4A52-BA95-372644E1D6C9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:itanium_processors:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A4E66A3-1274-4BB1-8547-7EAF298BAE67\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:atom_processors_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"177C9B59-458E-4813-BD92-51668FD069F4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:atom_processors:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C34C2F90-436D-4A19-858D-C46A036A933A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:xeon_phi_processors_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B081F161-1EBE-44BA-BD10-18A375340296\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:xeon_phi_processors:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CDA7E48-86B6-4339-AD6F-E5440D9451CC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:quark_soc_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F51437B7-3381-44DE-B0AF-8A4B8879A3A1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:quark_soc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FED30B0E-81A8-4E93-8570-0D104A3BE832\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.\"}, {\"lang\": \"es\", \"value\": \"Una discrepancia de comportamiento observable en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente una divulgaci\\u00f3n de informaci\\u00f3n por medio del acceso local\"}]",
      "id": "CVE-2021-33149",
      "lastModified": "2024-11-21T06:08:25.510",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-05-12T17:15:09.530",
      "references": "[{\"url\": \"https://security.netapp.com/advisory/ntap-20220818-0002/\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220818-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-33149\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2022-05-12T17:15:09.530\",\"lastModified\":\"2025-05-05T17:17:24.500\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.\"},{\"lang\":\"es\",\"value\":\"Una discrepancia de comportamiento observable en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio del acceso local\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:core_processors_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2762E765-9E1A-4500-A4E8-D11AC6393E84\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:core_processors:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B70FC84-662E-4FB3-9DC8-B419E25C20B6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:pentium_processors_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DF5960F-C6F8-4618-ACC5-393923DE7309\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:pentium_processors:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56FFCEC6-27E2-49D2-96D7-8550F3E0A131\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:celeron_processors_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABCFC60F-84E5-4196-ADDA-59970E2E6213\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:celeron_processors:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E17EE3B1-B545-4E8C-9758-7BC451796721\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_processors_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBCC8CD3-F2D7-4271-9E09-FF3E7DEA8FF2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_processors:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C91911E-C3E4-4816-9FAE-6B3FFD41CE8F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:itanium_processors_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D2A66EF-A3DF-4A52-BA95-372644E1D6C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:itanium_processors:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A4E66A3-1274-4BB1-8547-7EAF298BAE67\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:atom_processors_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"177C9B59-458E-4813-BD92-51668FD069F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:atom_processors:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C34C2F90-436D-4A19-858D-C46A036A933A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:xeon_phi_processors_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B081F161-1EBE-44BA-BD10-18A375340296\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:xeon_phi_processors:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CDA7E48-86B6-4339-AD6F-E5440D9451CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:quark_soc_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F51437B7-3381-44DE-B0AF-8A4B8879A3A1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:quark_soc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FED30B0E-81A8-4E93-8570-0D104A3BE832\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20220818-0002/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220818-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220818-0002/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T23:42:20.036Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-33149\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:20:48.683517Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-203\", \"description\": \"CWE-203 Observable Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:11:42.445Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) Processors\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references\"}]}], \"references\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220818-0002/\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"information disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2022-08-18T14:08:52.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"See references\"}]}, \"product_name\": \"Intel(R) Processors\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html\", \"name\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220818-0002/\", \"name\": \"https://security.netapp.com/advisory/ntap-20220818-0002/\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"information disclosure\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-33149\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@intel.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-33149\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T16:47:30.822Z\", \"dateReserved\": \"2021-05-18T00:00:00.000Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2022-05-12T16:36:05.000Z\", \"assignerShortName\": \"intel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-444

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel Manageability Commander versions antérieures à 2.2
Intel In-Band Manageability versions antérieures à 2.13.0
Pilotes du noyau Linux Intel SGX fournis par Intel versions 2.14 et antérieures. Les pilotes Intel SGX ont été intégrés au noyau Linux depuis la version 5.11.
Intel Killer Control Center versions antérieures à 2.4.3337.0
Intel Advisor software versions antérieures à 7.6.0.37
Intel XTU software versions antérieures à 7.3.0.33

Se référer aux avis de l'éditeur pour les vulnérabilités concernant les micrologiciels et matériels Intel.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00663 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00654 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00519 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00595 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00648 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00614 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00661 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00613 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00617 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00563 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00586 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00616 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00549 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00644 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00601 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00603 du 10 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel Manageability Commander versions ant\u00e9rieures \u00e0 2.2\u003c/li\u003e \u003cli\u003eIntel In-Band Manageability versions ant\u00e9rieures \u00e0 2.13.0\u003c/li\u003e \u003cli\u003ePilotes du noyau Linux Intel SGX fournis par Intel versions 2.14 et ant\u00e9rieures. Les pilotes Intel SGX ont \u00e9t\u00e9 int\u00e9gr\u00e9s au noyau Linux depuis la version 5.11.\u003c/li\u003e \u003cli\u003eIntel Killer Control Center versions ant\u00e9rieures \u00e0 2.4.3337.0\u003c/li\u003e \u003cli\u003eIntel Advisor software versions ant\u00e9rieures \u00e0 7.6.0.37\u003c/li\u003e \u003cli\u003eIntel XTU software versions ant\u00e9rieures \u00e0 7.3.0.33\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux avis de l\u0027\u00e9diteur pour les vuln\u00e9rabilit\u00e9s concernant les micrologiciels et mat\u00e9riels Intel.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-33117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33117"
    },
    {
      "name": "CVE-2021-33135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33135"
    },
    {
      "name": "CVE-2021-33075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33075"
    },
    {
      "name": "CVE-2021-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0155"
    },
    {
      "name": "CVE-2021-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0154"
    },
    {
      "name": "CVE-2022-21151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21151"
    },
    {
      "name": "CVE-2021-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0188"
    },
    {
      "name": "CVE-2021-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0159"
    },
    {
      "name": "CVE-2021-33080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33080"
    },
    {
      "name": "CVE-2021-33108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33108"
    },
    {
      "name": "CVE-2021-33103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33103"
    },
    {
      "name": "CVE-2021-33123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33123"
    },
    {
      "name": "CVE-2022-22139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22139"
    },
    {
      "name": "CVE-2021-33078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33078"
    },
    {
      "name": "CVE-2021-33122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33122"
    },
    {
      "name": "CVE-2021-26258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26258"
    },
    {
      "name": "CVE-2021-33130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33130"
    },
    {
      "name": "CVE-2022-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0005"
    },
    {
      "name": "CVE-2021-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0190"
    },
    {
      "name": "CVE-2022-24297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24297"
    },
    {
      "name": "CVE-2021-33082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33082"
    },
    {
      "name": "CVE-2021-33077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33077"
    },
    {
      "name": "CVE-2021-33124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33124"
    },
    {
      "name": "CVE-2021-33069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33069"
    },
    {
      "name": "CVE-2021-0194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0194"
    },
    {
      "name": "CVE-2021-33083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33083"
    },
    {
      "name": "CVE-2022-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21136"
    },
    {
      "name": "CVE-2021-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0126"
    },
    {
      "name": "CVE-2022-21237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21237"
    },
    {
      "name": "CVE-2021-33107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33107"
    },
    {
      "name": "CVE-2022-24382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24382"
    },
    {
      "name": "CVE-2021-33149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33149"
    },
    {
      "name": "CVE-2021-33074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33074"
    },
    {
      "name": "CVE-2022-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21131"
    },
    {
      "name": "CVE-2022-0004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0004"
    },
    {
      "name": "CVE-2022-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21128"
    },
    {
      "name": "CVE-2021-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0153"
    },
    {
      "name": "CVE-2021-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0193"
    },
    {
      "name": "CVE-2021-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0189"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-444",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00663 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00654 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00519 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00519.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00595 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00595.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00648 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00614 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00661 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00661.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00613 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00613.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00617 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00563 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00586 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00616 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00549 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00549.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00644 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00644.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00601 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00603 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html"
    }
  ]
}

CERTFR-2022-AVI-444

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel Manageability Commander versions antérieures à 2.2
Intel In-Band Manageability versions antérieures à 2.13.0
Pilotes du noyau Linux Intel SGX fournis par Intel versions 2.14 et antérieures. Les pilotes Intel SGX ont été intégrés au noyau Linux depuis la version 5.11.
Intel Killer Control Center versions antérieures à 2.4.3337.0
Intel Advisor software versions antérieures à 7.6.0.37
Intel XTU software versions antérieures à 7.3.0.33

Se référer aux avis de l'éditeur pour les vulnérabilités concernant les micrologiciels et matériels Intel.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00663 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00654 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00519 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00595 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00648 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00614 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00661 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00613 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00617 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00563 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00586 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00616 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00549 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00644 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00601 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00603 du 10 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel Manageability Commander versions ant\u00e9rieures \u00e0 2.2\u003c/li\u003e \u003cli\u003eIntel In-Band Manageability versions ant\u00e9rieures \u00e0 2.13.0\u003c/li\u003e \u003cli\u003ePilotes du noyau Linux Intel SGX fournis par Intel versions 2.14 et ant\u00e9rieures. Les pilotes Intel SGX ont \u00e9t\u00e9 int\u00e9gr\u00e9s au noyau Linux depuis la version 5.11.\u003c/li\u003e \u003cli\u003eIntel Killer Control Center versions ant\u00e9rieures \u00e0 2.4.3337.0\u003c/li\u003e \u003cli\u003eIntel Advisor software versions ant\u00e9rieures \u00e0 7.6.0.37\u003c/li\u003e \u003cli\u003eIntel XTU software versions ant\u00e9rieures \u00e0 7.3.0.33\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux avis de l\u0027\u00e9diteur pour les vuln\u00e9rabilit\u00e9s concernant les micrologiciels et mat\u00e9riels Intel.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-33117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33117"
    },
    {
      "name": "CVE-2021-33135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33135"
    },
    {
      "name": "CVE-2021-33075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33075"
    },
    {
      "name": "CVE-2021-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0155"
    },
    {
      "name": "CVE-2021-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0154"
    },
    {
      "name": "CVE-2022-21151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21151"
    },
    {
      "name": "CVE-2021-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0188"
    },
    {
      "name": "CVE-2021-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0159"
    },
    {
      "name": "CVE-2021-33080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33080"
    },
    {
      "name": "CVE-2021-33108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33108"
    },
    {
      "name": "CVE-2021-33103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33103"
    },
    {
      "name": "CVE-2021-33123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33123"
    },
    {
      "name": "CVE-2022-22139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22139"
    },
    {
      "name": "CVE-2021-33078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33078"
    },
    {
      "name": "CVE-2021-33122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33122"
    },
    {
      "name": "CVE-2021-26258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26258"
    },
    {
      "name": "CVE-2021-33130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33130"
    },
    {
      "name": "CVE-2022-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0005"
    },
    {
      "name": "CVE-2021-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0190"
    },
    {
      "name": "CVE-2022-24297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24297"
    },
    {
      "name": "CVE-2021-33082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33082"
    },
    {
      "name": "CVE-2021-33077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33077"
    },
    {
      "name": "CVE-2021-33124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33124"
    },
    {
      "name": "CVE-2021-33069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33069"
    },
    {
      "name": "CVE-2021-0194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0194"
    },
    {
      "name": "CVE-2021-33083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33083"
    },
    {
      "name": "CVE-2022-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21136"
    },
    {
      "name": "CVE-2021-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0126"
    },
    {
      "name": "CVE-2022-21237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21237"
    },
    {
      "name": "CVE-2021-33107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33107"
    },
    {
      "name": "CVE-2022-24382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24382"
    },
    {
      "name": "CVE-2021-33149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33149"
    },
    {
      "name": "CVE-2021-33074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33074"
    },
    {
      "name": "CVE-2022-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21131"
    },
    {
      "name": "CVE-2022-0004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0004"
    },
    {
      "name": "CVE-2022-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21128"
    },
    {
      "name": "CVE-2021-0153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0153"
    },
    {
      "name": "CVE-2021-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0193"
    },
    {
      "name": "CVE-2021-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0189"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-444",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00663 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00663.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00654 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00519 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00519.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00595 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00595.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00648 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00614 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00614.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00661 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00661.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00613 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00613.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00617 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00563 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00563.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00586 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00616 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00616.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00549 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00549.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00644 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00644.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00601 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00603 du 10 mai 2022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html"
    }
  ]
}

FKIE_CVE-2021-33149

Vulnerability from fkie_nvd - Published: 2022-05-12 17:15 - Updated: 2025-05-05 17:17

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

References

URL	Tags
secure@intel.com	https://security.netapp.com/advisory/ntap-20220818-0002/	Third Party Advisory
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220818-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html	Vendor Advisory

Impacted products

Vendor	Product	Version
intel	core_processors_firmware	-
intel	core_processors	-
intel	pentium_processors_firmware	-
intel	pentium_processors	-
intel	celeron_processors_firmware	-
intel	celeron_processors	-
intel	xeon_processors_firmware	-
intel	xeon_processors	-
intel	itanium_processors_firmware	-
intel	itanium_processors	-
intel	atom_processors_firmware	-
intel	atom_processors	-
intel	xeon_phi_processors_firmware	-
intel	xeon_phi_processors	-
intel	quark_soc_firmware	-
intel	quark_soc	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:core_processors_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2762E765-9E1A-4500-A4E8-D11AC6393E84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:core_processors:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B70FC84-662E-4FB3-9DC8-B419E25C20B6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:pentium_processors_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DF5960F-C6F8-4618-ACC5-393923DE7309",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:pentium_processors:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56FFCEC6-27E2-49D2-96D7-8550F3E0A131",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:celeron_processors_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABCFC60F-84E5-4196-ADDA-59970E2E6213",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:celeron_processors:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E17EE3B1-B545-4E8C-9758-7BC451796721",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:xeon_processors_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBCC8CD3-F2D7-4271-9E09-FF3E7DEA8FF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_processors:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C91911E-C3E4-4816-9FAE-6B3FFD41CE8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:itanium_processors_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2A66EF-A3DF-4A52-BA95-372644E1D6C9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:itanium_processors:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A4E66A3-1274-4BB1-8547-7EAF298BAE67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:atom_processors_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "177C9B59-458E-4813-BD92-51668FD069F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:atom_processors:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C34C2F90-436D-4A19-858D-C46A036A933A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:xeon_phi_processors_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B081F161-1EBE-44BA-BD10-18A375340296",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi_processors:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDA7E48-86B6-4339-AD6F-E5440D9451CC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:quark_soc_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F51437B7-3381-44DE-B0AF-8A4B8879A3A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:quark_soc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED30B0E-81A8-4E93-8570-0D104A3BE832",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
    },
    {
      "lang": "es",
      "value": "Una discrepancia de comportamiento observable en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente una divulgaci\u00f3n de informaci\u00f3n por medio del acceso local"
    }
  ],
  "id": "CVE-2021-33149",
  "lastModified": "2025-05-05T17:17:24.500",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-05-12T17:15:09.530",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220818-0002/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220818-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

ICSA-23-341-01

Vulnerability from csaf_cisa - Published: 2023-12-07 07:00 - Updated: 2023-12-07 07:00

Summary

Mitsubishi Electric FA Engineering Software Products

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities may allow a malicious attacker to disclose information in the affected products.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Recommended Practices

Do not click web links or open attachments in unsolicited email messages.

Recommended Practices

Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.

Recommended Practices

Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Mitsubishi Electric",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities may allow a malicious attacker to disclose information in the affected products.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Do not click web links or open attachments in unsolicited email messages.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-341-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-341-01.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-23-341-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Mitsubishi Electric FA Engineering Software Products",
    "tracking": {
      "current_release_date": "2023-12-07T07:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-23-341-01",
      "initial_release_date": "2023-12-07T07:00:00.000000Z",
      "revision_history": [
        {
          "date": "2023-12-07T07:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELIPC MI5122-VW: vers:all/*",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MELIPC MI5122-VW"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELIPC MI2012-W: vers:all/*",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MELIPC MI2012-W"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELIPC MI1002-W: vers:all/*",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "MELIPC MI1002-W"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELIPC MI3321G-W: vers:all/*",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "MELIPC MI3321G-W"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELIPC MI3315G-W: vers:all/*",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "MELIPC MI3315G-W"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELSEC iQ-R R102WCPU-W: vers:all/*",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC iQ-R R102WCPU-W"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELSEC Q Q24DHCCPU-V: vers:all/*",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC Q Q24DHCCPU-V"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELSEC Q Q24DHCCPU-VG: vers:all/*",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC Q Q24DHCCPU-VG"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELSEC Q Q24DHCCPU-LS: vers:all/*",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC Q Q24DHCCPU-LS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Mitsubishi Electric MELSEC Q Q26DHCCPU-LS: vers:all/*",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "MELSEC Q Q26DHCCPU-LS"
          }
        ],
        "category": "vendor",
        "name": "Mitsubishi Electric"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-21151",
      "cwe": {
        "id": "CWE-1037",
        "name": "Processor Optimization Removal or Modification of Security-critical Code"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product is vulnerable to processor optimization removal or modification of security critical code, which may allow a malicious attacker to disclose information in the affected products.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21151"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict physical access to the product by unauthorized users.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please contact your local Mitsubishi Electric representative for further questions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        },
        {
          "category": "mitigation",
          "details": "For additional information see Mitsubishi Electric advisory 2023-017.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-017_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-33149",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected product is vulnerable to an observable discrepancy, which may allow a malicious attacker to disclose information in the affected products.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33149"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting these vulnerabilities:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict physical access to the product by unauthorized users.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please contact your local Mitsubishi Electric representative for further questions.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ],
          "url": "https://www.mitsubishielectric.com/fa/support/index.html"
        },
        {
          "category": "mitigation",
          "details": "For additional information see Mitsubishi Electric advisory 2023-017.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ],
          "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-017_en.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010"
          ]
        }
      ]
    }
  ]
}

GHSA-M6P5-M5XH-8XGM

Vulnerability from github – Published: 2022-05-13 00:00 – Updated: 2025-05-05 18:31

Details

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-33149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-12T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
  "id": "GHSA-m6p5-m5xh-8xgm",
  "modified": "2025-05-05T18:31:59Z",
  "published": "2022-05-13T00:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33149"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220818-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-33149

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Aliases

CVE-2021-33149

Aliases

CVE-2021-33149

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-33149",
    "description": "Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
    "id": "GSD-2021-33149"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-33149"
      ],
      "details": "Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
      "id": "GSD-2021-33149",
      "modified": "2023-12-13T01:23:18.953247Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2021-33149",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) Processors",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "See references"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "information disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html",
            "refsource": "MISC",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20220818-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20220818-0002/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:core_processors_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:core_processors:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:pentium_processors_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:pentium_processors:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:celeron_processors_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:celeron_processors:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:xeon_processors_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_processors:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:itanium_processors_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:itanium_processors:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:atom_processors_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:atom_processors:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:xeon_phi_processors_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:xeon_phi_processors:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:quark_soc_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:quark_soc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2021-33149"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220818-0002/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20220818-0002/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-10-26T22:48Z",
      "publishedDate": "2022-05-12T17:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-33149 (GCVE-0-2021-33149)

CERTFR-2022-AVI-444

Solution

CERTFR-2022-AVI-444

Solution

FKIE_CVE-2021-33149

ICSA-23-341-01

GHSA-M6P5-M5XH-8XGM

GSD-2021-33149

Tags

Sightings

Nomenclature