Privilege Escalation Vulnerability in Intel Ethernet Adapters and Controllers
CVE-2021-33145

7.2HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Ethernet Adapters And Intel(r) Ethernet Controller I225 Manageability Firmware
Vendor: CVE Published:; 23 February 2024

Summary

An exception handling flaw in specific Intel Ethernet Adapters and the Intel Ethernet Controller I225 Manageability firmware could allow a privileged user to escalate privileges through local access. This issue arises from an uncaught exception that may be exploited to gain elevated privileges within the affected systems. Organizations using these products should assess their security measures and consider implementing mitigation strategies to reduce potential risks associated with unauthorized privilege escalation.

Affected Version(s)

Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 23, 2024
Vulnerability Reserved
May 18, 2021