Vulnerability in Intel Ethernet Controller firmware (CVE-2021-33126)

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2021-068 CVE-2021-33126 12/10/2021 medium v1

Vulnerability details

Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet
Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access.

 

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS is impacted

Revisions

Version Date Description
v1  12/10/2021 Initial release
v2  24/03/2023 Public release


Stormshield Network Security

CVSS v3.1 Overall Score: 5.8      

Analysis

Impacted version

This vulnerability could allow an attacker with a local access (ability to run on SNS his own code or script) to the appliance to potentially enable denial of service.

As this vulnerability can only be exploited locally, it can not provide an external attacker access to an SNS appliance.

On SNS, local access are only granted to user with the highest privileges. Therefore an exploitation of this vulnerability is useless to a SNS local user.

  • SNS 3.0.0 to 3.7.27
  • SNS 3.8.0 to 3.11.15
  • SNS 4.0.0 to 4.2.11
  • SNS 4.3.0 to 4.3.7

Workaround solution

Solution

In order to mitigate the risk of exploitation keep your appliance updated.

The following versions fix this vulnerability:

  • 3.7.27
  • 3.11.15
  • 4.2.11
  • 4.3.7
  • 4.4.0


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Local Low High None Unchanged None Low High
CVSS Base score: 5.1 CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 4.5 CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 5.8 CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)