Details of VAR-202202-0480

ID

VAR-202202-0480

CVE

CVE-2021-33147

TITLE

Intel(R) IPP Crypto library Vulnerability in checking for exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005126

DESCRIPTION

Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) IPP Crypto library Exists in an exceptional condition check vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-33147 // JVNDB: JVNDB-2022-005126 // VULHUB: VHN-393161

AFFECTED PRODUCTS

vendor:	intel	model:	integrated performance primitives cryptography	scope:	lt	version:	2021.2	Trust: 1.0
vendor:	インテル	model:	intel integrated performance primitives	scope:	eq	version:	cryptography 2021.2	Trust: 0.8
vendor:	インテル	model:	intel integrated performance primitives	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005126 // NVD: CVE-2021-33147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-33147
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-33147
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-710
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-393161
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-33147
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-393161
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-33147
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-33147
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-393161 // JVNDB: JVNDB-2022-005126 // CNNVD: CNNVD-202202-710 // NVD: CVE-2021-33147

PROBLEMTYPE DATA

problemtype:	CWE-754	Trust: 1.1
problemtype:	Improper checking in exceptional conditions (CWE-754) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-393161 // JVNDB: JVNDB-2022-005126 // NVD: CVE-2021-33147

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-710

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202202-710

PATCH

title:	INTEL-SA-00600	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00600.html	Trust: 0.8
title:	Intel Integrated Performance Primitives Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182184	Trust: 0.6

sources: JVNDB: JVNDB-2022-005126 // CNNVD: CNNVD-202202-710

EXTERNAL IDS

db:	NVD	id:	CVE-2021-33147	Trust: 3.3
db:	JVN	id:	JVNVU99045838	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-005126	Trust: 0.8
db:	LENOVO	id:	LEN-76842	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0542	Trust: 0.6
db:	CS-HELP	id:	SB2022020917	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-710	Trust: 0.6
db:	VULHUB	id:	VHN-393161	Trust: 0.1

sources: VULHUB: VHN-393161 // JVNDB: JVNDB-2022-005126 // CNNVD: CNNVD-202202-710 // NVD: CVE-2021-33147

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00600.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33147	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu99045838	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022020917	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0542	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-76842	Trust: 0.6

sources: VULHUB: VHN-393161 // JVNDB: JVNDB-2022-005126 // CNNVD: CNNVD-202202-710 // NVD: CVE-2021-33147

SOURCES

db:	VULHUB	id:	VHN-393161
db:	JVNDB	id:	JVNDB-2022-005126
db:	CNNVD	id:	CNNVD-202202-710
db:	NVD	id:	CVE-2021-33147

LAST UPDATE DATE

2024-08-14T12:09:27.817000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-393161	date:	2022-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-005126	date:	2023-05-18T08:12:00
db:	CNNVD	id:	CNNVD-202202-710	date:	2022-02-16T00:00:00
db:	NVD	id:	CVE-2021-33147	date:	2022-02-15T16:51:32.753

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-393161	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005126	date:	2023-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202202-710	date:	2022-02-08T00:00:00
db:	NVD	id:	CVE-2021-33147	date:	2022-02-09T23:15:15.783