Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00554
HistoryNov 09, 2021 - 12:00 a.m.

Intel® Ethernet Advisory

2021-11-0900:00:00
Intel Security Center
www.intel.com
7

0.0004 Low

EPSS

Percentile

12.7%

JSON

Summary:

Potential security vulnerabilities in firmware for some Intel® Ethernet controllers may allow denial of service or escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2021-0200

Description: Out-of-bounds write in the firmware for Intel® Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2021-0197

Description: Protection mechanism failure in the firmware for the Intel® Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to cause a denial of service via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H****

CVEID: CVE-2021-0198

Description: Improper access control in the firmware for the Intel® Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H****

CVEID: CVE-2021-0199

Description: Improper input validation in the firmware for the Intel® Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 3.4 Low

CVSS Vector:CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L****

Affected Products:

700-series Ethernet Adapters - Firmware versions as reported by the device, corresponding to the release are:

  • Software release version 26.0 == Device reports firmware 8.2, NVM version 8.20.

810-series Ethernet Adapters - Firmware versions as reported by the device, corresponding to the release versions in the CVEs are:

  • Software release version 26.3 == Device reports firmware 1.5.5.x NVM version 2.5.
  • Software release version 26.4 == Device reports firmware 1.6.0.x, NVM version 3.0.

Recommendations:

Intel recommends updating the above Intel® Ethernet Controller firmware to the latest versions.

Updates are available for download at this location: <https://downloadcenter.intel.com/product/36773/Ethernet-Products&gt;

Acknowledgements:

These issues were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

ibm 2
hp 1
prion 4
cvelist 4
nvd 4
cve 4
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in Intel Firmware affect Cloud Pak System
2023-03-16 15:02:28
Security Bulletin: Intel Ethernet controllers as used in IBM QRadar SIEM are vulnerable to a denial of service (CVE-2021-0197, CVE-2021-0198, CVE-2021-0199, CVE-2021-0200)
2023-02-16 15:31:02
hp
hp
Intel® Ethernet November 2021 Security Update
2021-11-09 00:00:00
prion
prion
Session fixation
2021-11-17 20:15:00
Cross site scripting
2021-11-17 20:15:00
Input validation
2021-11-17 20:15:00
cvelist
cvelist
CVE-2021-0197
2021-11-17 19:15:23
CVE-2021-0200
2021-11-17 19:14:27
CVE-2021-0199
2021-11-17 19:17:10
nvd
nvd
CVE-2021-0197
2021-11-17 20:15:09
CVE-2021-0200
2021-11-17 20:15:09
CVE-2021-0198
2021-11-17 20:15:09
cve
cve
CVE-2021-0200
2021-11-17 20:15:09
CVE-2021-0197
2021-11-17 20:15:09
CVE-2021-0199
2021-11-17 20:15:09

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for INTEL:INTEL-SA-00554
ibm2hp1prion4cvelist4nvd4cve4