Vulnerability Description
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Ethernet Controller I225-It Firmware | < 1.87 |
| Intel | Ethernet Controller I225-It | - |
| Intel | Ethernet Controller I225-Lm Firmware | < 1.87 |
| Intel | Ethernet Controller I225-Lm | - |
| Intel | Ethernet Controller I225-V Firmware | < 1.87 |
| Intel | Ethernet Controller I225-V | - |
| Intel | Ethernet Adapter Complete Driver | < 29.0.1 |
Related Weaknesses (CWE)
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.Vendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.Vendor Advisory
FAQ
What is CVE-2021-33146?
CVE-2021-33146 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure...
How severe is CVE-2021-33146?
CVE-2021-33146 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33146?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Ethernet Controller I225-It Firmware, Intel Ethernet Controller I225-It, Intel Ethernet Controller I225-Lm Firmware, Intel Ethernet Controller I225-Lm, Intel Ethernet Controller I225-V Firmware.