CVE-2021-33076
MEDIUMCVSS 6.8/10EPSS 0.28%
Last modified
CVE-2021-33076 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.. EPSS estimates a 0.28% chance of exploitation in the next 30 days.
Description
Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Intel | Ssd 600p Firmware | < 122c |
| Intel | Ssd 660p Firmware | < 005c |
| Intel | Ssd 665p Firmware | < 002c |
| Intel | Ssd 670p Firmware | < 003c |
| Intel | Ssd 700p Firmware | < 005c |
| Intel | Ssd 760p Firmware | < 006c |
| Intel | Ssd D3-S4510 M.2 Firmware | < xc311132 |
| Intel | Ssd Dc P4510 Sff Firmware | < vdv10184 |
| Intel | Ssd D3-S4610 M.2 Firmware | < xc311132 |
| Intel | Ssd Dc P4610 Sff Firmware | < vdv10184 |
| Intel | Ssd D5-P4326 Firmware | < 8dv1md58 |
| Intel | Ssd D5-P5316 Firmware | < acv10200 |
| Intel | Ssd D7 P5510 Firmware | < jcv10200 |
| Intel | Ssd D7 P5600 Firmware | All versions |
| Intel | Ssd Dc D4512 Firmware | < vpv1et0k |
| Intel | Ssd Dc P3100 Firmware | < 119d |
| Intel | Ssd Dc P4101 Firmware | < 009d |
| Intel | Ssd Dc P4500 Firmware | < qdv101b1 |
| Intel | Ssd Dc P4501 Firmware | < qdv101b1 |
| Intel | Ssd Dc P4510 Edsff Firmware | < vev10284 |
| Intel | Ssd Dc P4511 Edsff Firmware | < vev10284 |
| Intel | Ssd Dc P4511 M.2 Firmware | < vdc1lz37 |
| Intel | Ssd Dc P4600 Firmware | < qdv101b1 |
| Intel | Ssd Dc P4608 Firmware | < qdv101b1 |
| Intel | Ssd Dc S4500 Firmware | < scv10150 |
| Intel | Ssd Dc S4600 Firmware | < scv10150 |
| Intel | Ssd E 6000p Firmware | < 122e |
| Intel | Ssd E 6100p Firmware | < 006e |
| Intel | Ssd Pro 6000p Firmware | < 132p |
| Intel | Ssd Pro 7600p Firmware | < 006p |
References
- https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdfMitigation, Vendor Advisory
- https://www.solidigm.com/content/dam/newco-aem-site/master/site/support/Solidigm%20SA-000563%20rev1.1.pdfMitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-33076?
Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
How severe is CVE-2021-33076?
CVE-2021-33076 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.28% probability of exploitation in the next 30 days.
How do I fix CVE-2021-33076?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2021-33076?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST