Details of VAR-202111-1203

ID

VAR-202111-1203

CVE

CVE-2021-33073

TITLE

Intel(R) Distribution of OpenVINO Toolkit Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015254

DESCRIPTION

Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access. Intel(R) Distribution of OpenVINO Toolkit Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Intel Distribution of OpenVINO(TM) Toolkit is an application and solution developed by Intel Corporation of the United States that uses deep learning intelligence. Based on convolutional neural networks (CNNs), the toolkit scales workloads across Intel® hardware, including accelerators, and maximizes performance

Trust: 1.71

sources: NVD: CVE-2021-33073 // JVNDB: JVNDB-2021-015254 // VULHUB: VHN-393087

AFFECTED PRODUCTS

vendor:	intel	model:	distribution of openvino toolkit	scope:	lt	version:	2021.4	Trust: 1.0
vendor:	インテル	model:	intel distribution of openvino toolkit	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	intel distribution of openvino toolkit	scope:	eq	version:	2021.4	Trust: 0.8

sources: JVNDB: JVNDB-2021-015254 // NVD: CVE-2021-33073

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33073
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-33073
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202111-922
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-393087
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-33073
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393087
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33073
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33073
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393087 // JVNDB: JVNDB-2021-015254 // CNNVD: CNNVD-202111-922 // NVD: CVE-2021-33073

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393087 // JVNDB: JVNDB-2021-015254 // NVD: CVE-2021-33073

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-922

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202111-922

PATCH

title:	INTEL-SA-00538	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00538.html	Trust: 0.8
title:	Intel Distribution of OpenVINO(TM) Toolkit Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170927	Trust: 0.6

sources: JVNDB: JVNDB-2021-015254 // CNNVD: CNNVD-202111-922

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33073	Trust: 3.3
db:	JVN	id:	JVNVU91196719	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-015254	Trust: 0.8
db:	CNNVD	id:	CNNVD-202111-922	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.3725	Trust: 0.6
db:	VULHUB	id:	VHN-393087	Trust: 0.1

sources: VULHUB: VHN-393087 // JVNDB: JVNDB-2021-015254 // CNNVD: CNNVD-202111-922 // NVD: CVE-2021-33073

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00538.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33073	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91196719/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3725	Trust: 0.6

sources: VULHUB: VHN-393087 // JVNDB: JVNDB-2021-015254 // CNNVD: CNNVD-202111-922 // NVD: CVE-2021-33073

SOURCES

db:	VULHUB	id:	VHN-393087
db:	JVNDB	id:	JVNDB-2021-015254
db:	CNNVD	id:	CNNVD-202111-922
db:	NVD	id:	CVE-2021-33073

LAST UPDATE DATE

2024-08-14T12:42:00.810000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393087	date:	2021-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-015254	date:	2022-11-15T01:22:00
db:	CNNVD	id:	CNNVD-202111-922	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-33073	date:	2021-11-22T19:44:34.657

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393087	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-015254	date:	2022-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202111-922	date:	2021-11-10T00:00:00
db:	NVD	id:	CVE-2021-33073	date:	2021-11-17T20:15:10.020