CVE-2021-33107

MEDIUM

Intel(R) AMT SDK <16.0.3 - Info Disclosure

Title source: llm

Description

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

References (2)

[Patch, Vendor Advisory] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.html

[Patch, Vendor Advisory] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html

Scores

CVSS v3 4.6

EPSS 0.0007

EPSS Percentile 20.4%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (50)

intel/active_management_technology_software_development_kit < 16.0.3

intel/setup_and_configuration_software < 12.2

intel/management_engine_bios_extension < 15.0.0.0004

intel/core_i3_firmware

intel/core_i3-1000g1_firmware

intel/core_i3-1000g4_firmware

intel/core_i3-1000ng4_firmware

intel/core_i3-1005g1_firmware

intel/core_i3-10100_firmware

intel/core_i3-10100e_firmware

intel/core_i3-10100f_firmware

intel/core_i3-10100t_firmware

intel/core_i3-10100te_firmware

intel/core_i3-10100y_firmware

intel/core_i3-10105_firmware

... and 35 more

Timeline

Published Feb 09, 2022

Tracked Since Feb 18, 2026