Privilege Escalation Vulnerability in Intel Ethernet Products
CVE-2021-33158

7.2HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Ethernet Adapters And Intel(r) Ethernet Controller I225 Manageability Firmware
Vendor: CVE Published:; 23 February 2024

What is CVE-2021-33158?

An issue has been identified in specific Intel Ethernet Adapters and the Intel Ethernet Controller I225, where improper neutralization in the firmware can be exploited by a privileged user. This vulnerability could allow an attacker with local access to the system to escalate their privileges, potentially leading to unauthorized actions or access within the system. System administrators and users employing affected hardware should ensure they are aware of this issue and consider the necessary configurations and updates provided by Intel to mitigate potential risks.

Affected Version(s)

Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2024
Vulnerability Reserved
May 18, 2021