Details of VAR-202111-1191

ID

VAR-202111-1191

CVE

CVE-2021-33097

TITLE

Crypto API Toolkit for Intel(R) SGX In Time-of-check Time-of-use (TOCTOU) Race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-015253

DESCRIPTION

Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access. (DoS) It may be in a state. Intel Crypto Api Toolkit is an encryption Api toolkit of Intel Corporation. Interfaces for securely running key generation and cryptographic operations to enhance the security of data and key protection applications. Intel is releasing software updates to mitigate this potential vulnerability

Trust: 1.71

sources: NVD: CVE-2021-33097 // JVNDB: JVNDB-2021-015253 // VULHUB: VHN-393111

AFFECTED PRODUCTS

vendor:	intel	model:	crypto api toolkit for intel sgx	scope:	lt	version:	2021-08-02	Trust: 1.0
vendor:	インテル	model:	intel crypto api toolkit for intel sgx	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel crypto api toolkit for intel sgx	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015253 // NVD: CVE-2021-33097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33097
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-33097
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202111-931
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-393111
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33097
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393111
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33097
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.7
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33097
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393111 // JVNDB: JVNDB-2021-015253 // CNNVD: CNNVD-202111-931 // NVD: CVE-2021-33097

PROBLEMTYPE DATA

problemtype:	CWE-367	Trust: 1.1
problemtype:	Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393111 // JVNDB: JVNDB-2021-015253 // NVD: CVE-2021-33097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-931

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-931

PATCH

title:	INTEL-SA-00565	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00565.html	Trust: 0.8
title:	Intel Crypto Api Toolkit Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170249	Trust: 0.6

sources: JVNDB: JVNDB-2021-015253 // CNNVD: CNNVD-202111-931

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33097	Trust: 3.3
db:	JVN	id:	JVNVU91196719	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-015253	Trust: 0.8
db:	CNNVD	id:	CNNVD-202111-931	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.3723	Trust: 0.6
db:	VULHUB	id:	VHN-393111	Trust: 0.1

sources: VULHUB: VHN-393111 // JVNDB: JVNDB-2021-015253 // CNNVD: CNNVD-202111-931 // NVD: CVE-2021-33097

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00565.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33097	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91196719/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3723	Trust: 0.6

sources: VULHUB: VHN-393111 // JVNDB: JVNDB-2021-015253 // CNNVD: CNNVD-202111-931 // NVD: CVE-2021-33097

SOURCES

db:	VULHUB	id:	VHN-393111
db:	JVNDB	id:	JVNDB-2021-015253
db:	CNNVD	id:	CNNVD-202111-931
db:	NVD	id:	CVE-2021-33097

LAST UPDATE DATE

2024-08-14T12:16:50.646000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393111	date:	2021-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-015253	date:	2022-11-15T01:16:00
db:	CNNVD	id:	CNNVD-202111-931	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-33097	date:	2021-11-22T20:50:16.010

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393111	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-015253	date:	2022-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202111-931	date:	2021-11-10T00:00:00
db:	NVD	id:	CVE-2021-33097	date:	2021-11-17T20:15:10.067