CVE-2021-33107

moderate-risk

Published 2022-02-09

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.6/10 Medium

PHYSICAL / LOW complexity

Affected Products (20)

Active Management Technology Software Development Kit

Setup And Configuration Software

Management Engine Bios Extension

Core I3 Firmware

Core I3-1000G1 Firmware

Core I3-1000G4 Firmware

Core I3-1000Ng4 Firmware

Core I3-1005G1 Firmware

Core I3-10100 Firmware

Core I3-10100E Firmware

Core I3-10100F Firmware

Core I3-10100T Firmware

Core I3-10100Te Firmware

Core I3-10100Y Firmware

Core I3-10105 Firmware

Core I3-10105F Firmware

Core I3-10105T Firmware

Core I3-10110U Firmware

Core I3-10110Y Firmware

Core I3-10300 Firmware

Affected Vendors

Intel

References (4)

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575....

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601....

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575....

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601....

/ 100

moderate-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 33/34 · Critical