CVE-2021-33107

Name: CVE-2021-33107
Creator: NVD / NIST
Published: 2022-02-09T23:15:15.387+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.6/10EPSS 0.25%

Last modified Jun 17, 2026

CVE-2021-33107 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.

Description

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Metrics

CVSS 3.1

4.6/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.25%

15.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Intel	Active Management Technology Software Development Kit	< 16.0.3
Intel	Setup And Configuration Software	< 12.2
Intel	Management Engine Bios Extension	< 15.0.0.0004
Intel	Management Engine Bios Extension	< 14.0.0.0004
Intel	Management Engine Bios Extension	< 12.0.0.0011
Intel	Management Engine Bios Extension	< 11.0.0.0012
Intel	Core I3 Firmware	All versions
Intel	Core I3-1000g1 Firmware	All versions
Intel	Core I3-1000g4 Firmware	All versions
Intel	Core I3-1000ng4 Firmware	All versions
Intel	Core I3-1005g1 Firmware	All versions
Intel	Core I3-10100 Firmware	All versions
Intel	Core I3-10100e Firmware	All versions
Intel	Core I3-10100f Firmware	All versions
Intel	Core I3-10100t Firmware	All versions
Intel	Core I3-10100te Firmware	All versions
Intel	Core I3-10100y Firmware	All versions
Intel	Core I3-10105 Firmware	All versions
Intel	Core I3-10105f Firmware	All versions
Intel	Core I3-10105t Firmware	All versions
Intel	Core I3-10110u Firmware	All versions
Intel	Core I3-10110y Firmware	All versions
Intel	Core I3-10300 Firmware	All versions
Intel	Core I3-10300t Firmware	All versions
Intel	Core I3-10305 Firmware	All versions
Intel	Core I3-10305t Firmware	All versions
Intel	Core I3-10320 Firmware	All versions
Intel	Core I3-10325 Firmware	All versions
Intel	Core I3 8100 Firmware	All versions
Intel	Core I3 8100f Firmware	All versions
Intel	Core I3 8100t Firmware	All versions
Intel	Core I3 8300 Firmware	All versions
Intel	Core I3 8300t Firmware	All versions
Intel	Core I3 8350k Firmware	All versions
Intel	Core I3 9100 Firmware	All versions
Intel	Core I3 9100f Firmware	All versions
Intel	Core I3 9100t Firmware	All versions
Intel	Core I3 9300 Firmware	All versions
Intel	Core I3 9300t Firmware	All versions
Intel	Core I3 9320 Firmware	All versions
Intel	Core I3 9350k Firmware	All versions
Intel	Core I3 9350kf Firmware	All versions
Intel	Core I5 Firmware	All versions
Intel	Core I5\+8400 Firmware	All versions
Intel	Core I5\+8500 Firmware	All versions
Intel	Core I5-10110y Firmware	All versions
Intel	Core I5-10200h Firmware	All versions
Intel	Core I5-10210u Firmware	All versions
Intel	Core I5-10210y Firmware	All versions
Intel	Core I5-10300h Firmware	All versions

Showing 50 of 183 affected configurations. See NVD for the full list.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.htmlPatch, Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.htmlPatch, Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.htmlPatch, Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.htmlPatch, Vendor Advisory

Timeline

Published: Feb 9, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-33107?

How severe is CVE-2021-33107?

CVE-2021-33107 has a CVSS score of 4.6/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.

How do I fix CVE-2021-33107?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-33107?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST