Improper Access Control Vulnerability in Intel OFU Software
CVE-2021-33104

6.5MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Ofu Software
Vendor: CVE Published:; 16 February 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An improper access control vulnerability exists in the Intel OFU software, allowing authenticated users to exploit local access and enable a denial of service. This flaw affects versions prior to 14.1.28 and poses a risk for systems using the software, making it essential for users to update to the latest version to mitigate any potential threats.

Affected Version(s)

Intel(R) OFU software before version 14.1.28

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-33104
Created by rjt-gupta

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Mar 15, 2023
👾
Exploit known to exist
Mar 15, 2023
Vulnerability published
Feb 16, 2023
Vulnerability Reserved
May 18, 2021