CVE-2021-33060

CVSS V2 None CVSS V3 High 7.8
Description
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
Overview
  • CVE ID
  • CVE-2021-33060
  • Assigner
  • secure@intel.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-08-18T20:15:09
  • Last Modified Date
  • 2022-10-29T02:52:18
Weakness Enumerations
CWE URL
CWE-787 http://cwe.mitre.org/data/definitions/787.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:intel:xeon_gold_5315y_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5315y:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_5317_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5317:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_5318n_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5318n:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_5318s_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5318s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_5318y_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5318y:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_5320_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5320:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_5320t_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5320t:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6312u_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6312u:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6314u_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6314u:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6326_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6326:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6330_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6330:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6330n_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6330n:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6334_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6334:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6336y_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6336y:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6338_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6338:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6338n_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6338n:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6338t_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6338t:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6342_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6342:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6346_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6346:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6348_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6348:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6354_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6354:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8351n_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8351n:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8352m_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8352m:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8352s_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8352s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8352v_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8352v:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8352y_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8352y:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8358_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8358:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8358p_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8358p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8360y_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8360y:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8362_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8362:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8368_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8368:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8368q_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8368q:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8380_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8380:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_silver_4309y_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_silver_4309y:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_silver_4310_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_silver_4310:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_silver_4310t_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_silver_4310t:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_silver_4314_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_silver_4314:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_silver_4316_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_silver_4316:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6330h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6330h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8356h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8356h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8360h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8360h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8360hl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8360hl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_5318h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5318h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_5320h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_5320h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6328h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6328h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6328hl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6328hl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_gold_6348h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_gold_6348h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8353h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8353h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8354h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8354h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8376h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8376h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8376hl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8376hl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8380h_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8380h:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intel:xeon_platinum_8380hl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intel:xeon_platinum_8380hl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_c190_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_c190:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a200_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a220_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a220:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a300_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a320_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a320:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a700_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a800_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a800:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:aff_a900_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:aff_a900:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas500f_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas500f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas2600_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas2600:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas2700_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas2700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas8200_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas8200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas9000_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas9000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:fas9500_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:netapp:fas9500:-:*:*:*:*:*:*:* 0 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://security.netapp.com/advisory/ntap-20220930-0004/ Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-33060
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33060
History
Created Old Value New Value Data Type Notes
2022-08-18 21:00:15 Added to TrackCVE