Intel Security CenterINTEL:INTEL-SA-00479Intel® Ethernet Adapters 800 Series Advisory
0.001 Low
EPSS
Percentile
30.9%
Summary:
Potential security vulnerabilities in the firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters may allow denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.****
Vulnerability Details:
CVEID: CVE-2021-0004
Description: Improper buffer restrictions in the firmware of Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2021-0005
Description: Uncaught exception in firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H****
CVEID: CVE-2021-0006
Description: Improper conditions check in firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H****
CVEID: CVE-2021-0007
Description: Uncaught exception in firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of service via local access.
CVSS Base Score: 4.4 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H****
CVEID: CVE-2021-0008
Description: Uncontrolled resource consumption in firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denial of service via local access.
CVSS Base Score: 4.4 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H****
CVEID: CVE-2021-0009
Description: Out-of-bounds read in the firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L****
Affected Products:
Intel® Ethernet Adapters 800 Series Controllers and associated adapters before versions 1.5.1.0, 1.5.3.0 and 1.5.4.0.
Recommendations:
Intel recommends that users update firmware and software drivers to the latest version (see affected products).
Updates are available for download at this location: <https://downloadcenter.intel.com/product/36773/Ethernet-Products>
Acknowledgements:
These issues were found internally by Intel.****
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
Related
