Privilege Escalation Vulnerability in Intel Ethernet Adapters and Controllers
CVE-2021-33157

7.2HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Ethernet Adapters And Intel(r) Ethernet Controller I225 Manageability Firmware
Vendor: CVE Published:; 23 February 2024

Summary

A vulnerability exists due to insufficient control flow management in certain Intel Ethernet Adapters and the Intel Ethernet Controller I225 Manageability firmware. This flaw could allow a privileged user with local access to potentially escalate their privileges, leading to unauthorized actions on the system. The implications of this vulnerability emphasize the need for users and administrators to be vigilant in applying updates and patches from Intel's advisories to mitigate potential risks associated with this security concern.

Affected Version(s)

Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 23, 2024
Vulnerability Reserved
May 18, 2021