CVE-2021-33164 - OpenCVE

Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Nuc 8 Mainstream-g Kit Nuc8i5inh Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware Nuc 8 Mainstream-g Kit Nuc8i7inh Nuc 8 Mainstream-g Kit Nuc8i7inh Firmware Nuc 8 Mainstream-g Mini Pc Nuc8i5inh Nuc 8 Mainstream-g Mini Pc Nuc8i5inh Firmware Nuc 8 Mainstream-g Mini Pc Nuc8i7inh Nuc 8 Mainstream-g Mini Pc Nuc8i7inh Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i7inh:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i5inh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i5inh:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:nuc_8_mainstream-g_mini_pc_nuc8i5inh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc_8_mainstream-g_mini_pc_nuc8i5inh:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html
https://www.kb.cert.org/vuls/id/434994

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2022-11-11T15:48:49.297Z

Updated: 2024-08-03T23:42:20.052Z

Reserved: 2021-05-18T00:31:17.250Z

Link: CVE-2021-33164

Vulnrichment

Updated: 2024-07-31T20:09:48.272Z

NVD

Status : Analyzed

Published: 2022-11-11T16:15:11.543

Modified: 2022-11-17T13:53:14.713

Link: CVE-2021-33164

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-33164", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2021-05-18T00:31:17.250Z", "datePublished": "2022-11-11T15:48:49.297Z", "dateUpdated": "2024-08-03T23:42:20.052Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2022-11-14T17:46:16.495Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) NUCs", "versions": [{"version": "before version INWHL357.0046", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/434994"}, {"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:42:20.052Z"}}, {"affected": [{"vendor": "bios_firmware", "product": "intel_r_nucs", "cpes": ["cpe:2.3:h:bios_firmware:intel_r_nucs:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "nwhl357.0046", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T14:30:53.127167Z", "id": "CVE-2021-33164", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:47:52.170Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/434994"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-07-31T20:09:48.272Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-33164", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T14:30:53.127167Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:bios_firmware:intel_r_nucs:*:*:*:*:*:*:*:*"], "vendor": "bios_firmware", "product": "intel_r_nucs", "versions": [{"status": "affected", "version": "0", "lessThan": "nwhl357.0046", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T14:47:44.069Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) NUCs", "versions": [{"status": "affected", "version": "before version INWHL357.0046"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}], "descriptions": [{"lang": "en", "value": "Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2022-11-14T17:46:16.495Z"}}}, "cveMetadata": {"cveId": "CVE-2021-33164", "state": "PUBLISHED", "dateUpdated": "2024-08-01T14:47:52.170Z", "dateReserved": "2021-05-18T00:31:17.250Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2022-11-11T15:48:49.297Z", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E4D25AC-ABEE-46C7-9614-12EEBE46535B", "versionEndExcluding": "inwhl357.0046", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i7inh:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE7FB4D7-3AED-4BBD-9655-6C300FC08218", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C95830C-C4FF-4D51-A53A-95E63AA25C34", "versionEndExcluding": "inwhl357.0046", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_mini_pc_nuc8i7inh:-:*:*:*:*:*:*:*", "matchCriteriaId": "13AA1F39-F562-4CB9-A9EF-BE4213E809B3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i5inh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CB14F44-EEC2-4960-AAF5-181B4766C05B", "versionEndExcluding": "inwhl357.0046", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i5inh:-:*:*:*:*:*:*:*", "matchCriteriaId": "18330FCA-FFDE-4B0E-8703-1DAE0633C053", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_mini_pc_nuc8i5inh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B3C3567-466F-4372-8650-BAEA644F44DD", "versionEndExcluding": "inwhl357.0046", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_mini_pc_nuc8i5inh:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E95098F-4682-4645-A61F-15BDAA5A54BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Un control de acceso inadecuado en el firmware del BIOS para algunos Intel(R) NUC anteriores a la versi\u00f3n INWHL357.0046 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2021-33164", "lastModified": "2022-11-17T13:53:14.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2022-11-11T16:15:11.543", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}