

Multiple Intel Products Vulnerabilities
May 20, 2024
Severity
Medium
Analysis Summary
CVE-2021-33161 CVSS:7.2
Intel Ethernet Adapters and Intel Ethernet Controller I225 could allow a local authenticated attacker to gain elevated privileges on the system, caused by insufficient control flow management. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2021-33162 CVSS:8.4
Intel Ethernet Adapters and Intel Ethernet Controller I225 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2021-33145 CVSS:7.2
Intel Ethernet Adapters and Intel Ethernet Controller I225 could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncaught exception. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2021-33157 CVSS:7.2
Intel Ethernet Adapters and Intel Ethernet Controller I225 could allow a local authenticated attacker to gain elevated privileges on the system, caused by insufficient control flow management. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2021-33158 CVSS:7.2
Intel Ethernet Adapters and Intel Ethernet Controller I225 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper neutralization. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2022-37341 CVSS:7.2
Intel Ethernet Adapters and Intel Ethernet Controller I225 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2021-33141 CVSS:8.6
Intel Ethernet Adapters and Intel Ethernet Controller I225 are vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-33142 CVSS:6
Intel Ethernet Adapters and Intel Ethernet Controller I225 are vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-21828 CVSS:6.7
Intel Ethernet Controller Administrative Tools Installer Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-41092 CVSS:7.6
Intel FPGA Firmware is vulnerable to a denial of service, caused by an unchecked return value in SDM firmware. A remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-22390 CVSS:4.4
Intel FPGA Firmware is vulnerable to a denial of service, caused by improper input validation in firmware. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-49614 CVSS:5.7
Intel FPGA Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write in firmware. An authenticated attacker could exploit this vulnerability to gain elevated privileges and obtain sensitive information.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2021-33161
- CVE-2021-33162
- CVE-2021-33145
- CVE-2021-33157
- CVE-2021-33158
- CVE-2022-37341
- CVE-2021-33141
- CVE-2021-33142
- CVE-2024-21828
- CVE-2023-41092
- CVE-2024-22390
- CVE-2023-49614
Affected Vendors
Affected Products
- Intel Agilex 7 FPGA and SoC FPGA product families
- Intel Stratix 10 FPGA and SoC FPGA product families
- Intel Ethernet Adapters
- Intel Ethernet Controller I225 Manageability firmware
- Intel Ethernet Controller Administrative Tools Installer Software 28.2
Remediation
Refer to the Intel Security Advisory for patch, upgrade, or suggested workaround information.