Insufficiently Protected Credentials in Intel AMT SDK and SCS Products
CVE-2021-33107

4.6MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Amt Sdk Before Version 16.0.3, Intel(r) Scs Before Version 12.2 And Intel(r) Mebx
Vendor: CVE Published:; 9 February 2022

Summary

The vulnerability is linked to insufficient security measures in USB provisioning processes for several Intel products, including the Intel AMT SDK, Intel SCS, and Intel MEBx. An unauthenticated user with physical access to these systems may exploit this weakness to gain unauthorized access, potentially leading to the disclosure of sensitive information. This flaw reinforces the need for robust security protocols in hardware management systems.

Affected Version(s)

Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_MISC

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
May 18, 2021