Details of VAR-202202-0457

ID

VAR-202202-0457

CVE

CVE-2021-33166

TITLE

Intel(R) RXT for Chromebook application Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005084

DESCRIPTION

Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) RXT for Chromebook application There is a vulnerability in improper default permissions.Information may be obtained. Intel Rxt For Chromebook is an Intel Rxt application for Chromebook from Intel Corporation. Attackers can exploit this vulnerability to cause information disclosure

Trust: 1.71

sources: NVD: CVE-2021-33166 // JVNDB: JVNDB-2022-005084 // VULHUB: VHN-393180

AFFECTED PRODUCTS

vendor:	intel	model:	retail experience tool	scope:	eq	version:	-	Trust: 1.0
vendor:	インテル	model:	retail experience tool	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	retail experience tool	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005084 // NVD: CVE-2021-33166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33166
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-33166
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-751
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-393180
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-33166
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393180
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33166
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33166
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393180 // JVNDB: JVNDB-2022-005084 // CNNVD: CNNVD-202202-751 // NVD: CVE-2021-33166

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393180 // JVNDB: JVNDB-2022-005084 // NVD: CVE-2021-33166

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-751

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-751

PATCH

title:	INTEL-SA-00599	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00599.html	Trust: 0.8
title:	Intel RXT for Chromebook Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182187	Trust: 0.6

sources: JVNDB: JVNDB-2022-005084 // CNNVD: CNNVD-202202-751

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33166	Trust: 3.3
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005084	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-751	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0547	Trust: 0.6
db:	CS-HELP	id:	SB2022020918	Trust: 0.6
db:	VULHUB	id:	VHN-393180	Trust: 0.1

sources: VULHUB: VHN-393180 // JVNDB: JVNDB-2022-005084 // CNNVD: CNNVD-202202-751 // NVD: CVE-2021-33166

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00599.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33166	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838/	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020918	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0547	Trust: 0.6

sources: VULHUB: VHN-393180 // JVNDB: JVNDB-2022-005084 // CNNVD: CNNVD-202202-751 // NVD: CVE-2021-33166

SOURCES

db:	VULHUB	id:	VHN-393180
db:	JVNDB	id:	JVNDB-2022-005084
db:	CNNVD	id:	CNNVD-202202-751
db:	NVD	id:	CVE-2021-33166

LAST UPDATE DATE

2024-08-14T13:01:10.052000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393180	date:	2022-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-005084	date:	2023-05-17T08:35:00
db:	CNNVD	id:	CNNVD-202202-751	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-33166	date:	2022-02-15T16:36:04.643

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393180	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005084	date:	2023-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202202-751	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2021-33166	date:	2022-02-09T23:15:15.857