Details of VAR-202202-0460

ID

VAR-202202-0460

CVE

CVE-2021-33101

TITLE

Intel(R) GPA Uncontrolled Search Path Element Vulnerability in Software

Trust: 0.8

sources: JVNDB: JVNDB-2022-005233

DESCRIPTION

Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state. Intel Graphics Performance Analyzers (Intel Gpa) is a graphics performance analyzer from Intel Corporation of the United States

Trust: 1.71

sources: NVD: CVE-2021-33101 // JVNDB: JVNDB-2022-005233 // VULHUB: VHN-393115

AFFECTED PRODUCTS

vendor:	intel	model:	graphics performance analyzers	scope:	lt	version:	21.2	Trust: 1.0
vendor:	インテル	model:	graphics performance analyzer	scope:	eq	version:	21.2	Trust: 0.8
vendor:	インテル	model:	graphics performance analyzer	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005233 // NVD: CVE-2021-33101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33101
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-33101
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202202-747
value:	HIGH
Trust: 0.6
VULHUB:	VHN-393115
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-33101
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393115
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33101
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33101
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393115 // JVNDB: JVNDB-2022-005233 // CNNVD: CNNVD-202202-747 // NVD: CVE-2021-33101

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393115 // JVNDB: JVNDB-2022-005233 // NVD: CVE-2021-33101

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-747

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202202-747

PATCH

title:	INTEL-SA-00574	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00574.html	Trust: 0.8
title:	Intel Graphics Performance Analyzers Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182185	Trust: 0.6

sources: JVNDB: JVNDB-2022-005233 // CNNVD: CNNVD-202202-747

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33101	Trust: 3.3
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005233	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-747	Trust: 0.7
db:	CS-HELP	id:	SB2022020925	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0541	Trust: 0.6
db:	VULHUB	id:	VHN-393115	Trust: 0.1

sources: VULHUB: VHN-393115 // JVNDB: JVNDB-2022-005233 // CNNVD: CNNVD-202202-747 // NVD: CVE-2021-33101

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00574.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33101	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.0541	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022020925	Trust: 0.6

sources: VULHUB: VHN-393115 // JVNDB: JVNDB-2022-005233 // CNNVD: CNNVD-202202-747 // NVD: CVE-2021-33101

SOURCES

db:	VULHUB	id:	VHN-393115
db:	JVNDB	id:	JVNDB-2022-005233
db:	CNNVD	id:	CNNVD-202202-747
db:	NVD	id:	CVE-2021-33101

LAST UPDATE DATE

2024-08-14T12:10:10.854000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393115	date:	2022-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-005233	date:	2023-05-24T05:48:00
db:	CNNVD	id:	CNNVD-202202-747	date:	2022-02-25T00:00:00
db:	NVD	id:	CVE-2021-33101	date:	2022-02-15T17:51:23.857

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393115	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005233	date:	2023-05-24T00:00:00
db:	CNNVD	id:	CNNVD-202202-747	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2021-33101	date:	2022-02-09T23:15:15.307