Vulnerability CVE-2021-33107
Published: 2022-02-09   Modified: 2022-02-10

Description:
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Type:

CWE-522

 (Insufficiently Protected Credentials)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Intel -> Active management technology software development kit 
Intel -> Setup and configuration software 

 References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.html
Copyright 2024, cxsecurity.com

 

Back to Top