Details of VAR-202111-1314

ID

VAR-202111-1314

CVE

CVE-2021-33118

TITLE

Intel(R) Serial IO driver for Intel(R) NUC 11 Gen Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015251

DESCRIPTION

Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Serial IO driver for Intel(R) NUC 11 Gen Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-33118 // JVNDB: JVNDB-2021-015251 // VULHUB: VHN-393132

AFFECTED PRODUCTS

vendor:	intel	model:	serial io driver for intel nuc 11 gen	scope:	lt	version:	30.100.2104.1	Trust: 1.0
vendor:	インテル	model:	intel serial io driver for intel nuc 11 gen	scope:	eq	version:	30.100.2104.1	Trust: 0.8
vendor:	インテル	model:	intel serial io driver for intel nuc 11 gen	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015251 // NVD: CVE-2021-33118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33118
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33118
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202111-953
value:	HIGH
Trust: 0.6
VULHUB:	VHN-393132
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33118
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393132
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33118
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33118
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393132 // JVNDB: JVNDB-2021-015251 // CNNVD: CNNVD-202111-953 // NVD: CVE-2021-33118

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-393132 // JVNDB: JVNDB-2021-015251 // NVD: CVE-2021-33118

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-953

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202111-953

PATCH

title:	INTEL-SA-00560	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00560.html	Trust: 0.8
title:	Intel NUC Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171086	Trust: 0.6

sources: JVNDB: JVNDB-2021-015251 // CNNVD: CNNVD-202111-953

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33118	Trust: 3.3
db:	JVN	id:	JVNVU91196719	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-015251	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3738	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-953	Trust: 0.6
db:	VULHUB	id:	VHN-393132	Trust: 0.1

sources: VULHUB: VHN-393132 // JVNDB: JVNDB-2021-015251 // CNNVD: CNNVD-202111-953 // NVD: CVE-2021-33118

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00560.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33118	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu91196719/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3738	Trust: 0.6

sources: VULHUB: VHN-393132 // JVNDB: JVNDB-2021-015251 // CNNVD: CNNVD-202111-953 // NVD: CVE-2021-33118

SOURCES

db:	VULHUB	id:	VHN-393132
db:	JVNDB	id:	JVNDB-2021-015251
db:	CNNVD	id:	CNNVD-202111-953
db:	NVD	id:	CVE-2021-33118

LAST UPDATE DATE

2024-08-14T12:24:04.031000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393132	date:	2022-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-015251	date:	2022-11-15T01:02:00
db:	CNNVD	id:	CNNVD-202111-953	date:	2021-11-24T00:00:00
db:	NVD	id:	CVE-2021-33118	date:	2022-06-28T14:11:45.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393132	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-015251	date:	2022-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202111-953	date:	2021-11-10T00:00:00
db:	NVD	id:	CVE-2021-33118	date:	2021-11-17T20:15:10.160