CVE-2021-0002

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

CVSS v3 7.1 HIGH
CVSS v2.0 3.6 LOW

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUZYFCI7N4TFZSIGA7WGZ4Q7V3EK76GH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKMUMLUH6ENNMLGTJ5AFRF6764ILEMYJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFLYHRQPDF6ZMESCI3HRNOP6D6GELPFR/
https://security.netapp.com/advisory/ntap-20210827-0008/	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00515.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:ethernet_controller_e810_firmware:*:*:*:*:*:linux:*:*

cpe:2.3:h:intel:ethernet_controller_e810:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-11 13:15

Updated : 2023-11-07 03:27

NVD link : CVE-2021-0002

Mitre link : CVE-2021-0002

CVE.ORG link : CVE-2021-0002

JSON object : View

Products Affected

intel

ethernet_controller_e810
ethernet_controller_e810_firmware

fedoraproject

fedora

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2021-0002", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2021-08-11T13:15:15.513", "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUZYFCI7N4TFZSIGA7WGZ4Q7V3EK76GH/", "source": "secure@intel.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKMUMLUH6ENNMLGTJ5AFRF6764ILEMYJ/", "source": "secure@intel.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFLYHRQPDF6ZMESCI3HRNOP6D6GELPFR/", "source": "secure@intel.com"}, {"url": "https://security.netapp.com/advisory/ntap-20210827-0008/", "tags": ["Third Party Advisory"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00515.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access."}, {"lang": "es", "value": "Una comprobaci\u00f3n de condiciones inapropiadas en algunos controladores Intel(R) Ethernet de la serie 800 para Linux versiones anteriores a 1.4.11, puede permitir a un usuario autenticado habilitar potencialmente una divulgaci\u00f3n de informaci\u00f3n o una denegaci\u00f3n de servicio por medio del acceso local"}], "lastModified": "2023-11-07T03:27:02.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:ethernet_controller_e810_firmware:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "D19880AD-FB75-4267-A3AC-B54D31740524", "versionEndExcluding": "1.4.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:ethernet_controller_e810:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FAAF14CD-89F6-49F3-8E74-3EE0535D8513"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}