CVE-2021-33107

MEDIUM Year: 2021
CVSS v3 Score
4.6
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-522
View all →

Vulnerability Description

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access.

Related Vulnerabilities

CVE-2017-2751

MEDIUM
CVSS:4.6(Medium)

A BIOS password extraction vulnerability has been reported on certain consumer notebooks with firmware F.22 and others. The BIOS password was stored in CMOS in a way that allowed it to be extracted. T...

CWE-5222017

CVE-2019-4723

MEDIUM
CVSS:4.6(Medium)

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172...

CWE-5222019

CVE-2019-4724

MEDIUM
CVSS:4.6(Medium)

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.

CWE-5222019

CVE-2020-12309

MEDIUM
CVSS:4.6(Medium)

Insufficiently protected credentialsin subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via phys...

CWE-5222020

CVE-2020-16097

MEDIUM
CVSS:4.6(Medium)

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed...

CWE-5222020

CVE-2021-27941

MEDIUM
CVSS:4.6(Medium)

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically pr...

CWE-5222021