CVE-2021-33146
EUVD-2021-1986123.02.2024, 21:15
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| intel | ethernet_controller_i225-it_firmware | 𝑥 < 1.87 |
| intel | ethernet_controller_i225-lm_firmware | 𝑥 < 1.87 |
| intel | ethernet_controller_i225-v_firmware | 𝑥 < 1.87 |
| intel | ethernet_adapter_complete_driver | 𝑥 < 29.0.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| intel | ethernet_controller_i225_manageability_firmware | 𝑥 < nvm_version_1.87 | ADP |
| intel | ethernet_adapter | 𝑥 < 29.0.1 | ADP |
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.